Office Watch, your privacy and GDPR
You’ve been getting a lot of special emails from companies about the data and emails they send you. That’s all because of GDPR, the General Data Protection Regulation, which comes into force on 25 May 2018.
We’ll explain a little about GDPR below but first we’ll explain what will change at Office Watch.
No change, because Office Watch has always had a strict policy about customer data and privacy. We’ve taken customer privacy seriously long before most people even thought about it.
All our email newsletters have been ‘opt-in’ ever since they started in 1996. We only send our emails to people who have explicitly asked for them. Some of our readers have been getting our newsletters since the 20th Century!
If someone doesn’t want to receive our newsletters, there’s an Unsubscribe link at the bottom of each issue.
There are also ‘Change of Address’ instructions because that’s more common than people leaving.
People who have bought our ebooks have their details saved in a totally separate list.
We occasionally send emails to our past customers to let them know about updates to their past purchases, new books etc.
Customers can stop getting those intermittent emails from the Update Account Details link after logging in to their ebook account.
As we’ve mentioned before, Office Watch has always taken a ‘minimal data’ approach. Instead of accumulating as much info as we can about people, we deliberately keep only what we need to provide the requested services.
For the newsletters, that means just the email address and perhaps first/last name.
For book customers, that means email address, first/last name, company (if applicable) and an encrypted version of the login password. Obviously, also the purchased book details (book, date purchased, transaction ID).
We do NOT receive or store credit card details. Credit card details are given directly to the payment provider (usually PayPal) on their site; Office-Watch.com never ‘sees’ them.
Data Protection Officer (DPO)
Office Watch is a small organization and doesn’t need to appoint a DPO or Data Protection Officer under the GDPR laws.
But we’ve done it anyway. Our co-founder and Editor-in-Chief, Peter Deegan, is our DPO. He’s the guy who has always held a firm line on customer privacy at Office Watch. Contact Peter via our Feedback form.
The General Data Protection Regulation is a European Union law which has high penalties and a reach beyond European borders.
In theory, it applies to any organization (not just companies) that trades with, or ‘monitors the behaviour’ of, EU subjects.
In practice, it’s often hard to know if someone is an ‘EU subject’ or not. As an example of the ‘EU subject’ problem … someone with a @gmail.com or @outlook.com address could come from anywhere in the world. In reverse, a person with a @post.de, @Yahoo.it or @Poczta.fm address is probably European but not certainly. People move between countries and can become an ‘EU subject’ without an organization knowing.
So, most organizations are applying GDPR standards to all their customers. It’s why we’ve all been getting emails confirming data retention and subscriptions. That’s become more important since the recent Facebook/Cambridge Analytica revelations.