View this email in your browser

A Big Month in Personal Privacy
May 2018

Many of you may have started seeing various sites and services email updates to privacy policy or banners asking for your consent to collect, store, and use your information. All of these updates and prompts are no coincidence: as of May 25th, the General Data Protection Regulation (GDPR) law enacted by the European Union will be enforceable, and with it potentially significant changes in what companies, services, and applications do to interface with end users and their personal data will follow.

This month we focus on the high level aspects of GDPR and what it means for both businesses and end users, as well as inform you on what NocTel has been up to in relation to your organization's staff and potentially customers' data privacy and protection.
What is the Intent and Scope of GDPR?

GDPR applies to EU residents' personal data. "Personal data" under GDPR definition is much broader than Personally Identifiable Information (PII), which is the common term used in America in regard to personal data. Personal data in the GDPR scope is practically any information that alone or in conjunction with other data, can identify a natural person.

The intent of GDPR is to give end users transparency and basic rights to data pertaining to them, whether that be an address, a name, or even very sensitive information such as genetic information, sexual orientation, or religious affiliation. It also includes relatively inane information like personal hobbies or whether you've purchased a TV in the last 6 months. For companies this means if you collect it, process it, store it, or share it; you more than likely need to seek compliance.
Transparent Informed Consent to Personal Data

Until now, most services and apps that use personal data have generally buried them in a lengthy and confusing Terms of Service agreement. Other places such as the Google Play Store or iOS App Store give a generic list of permissions without details on what the app's publisher really does with that personal data. Yet others simply don't ask at all and presume access to the content is consent.

GDPR changes this dramatically by making it punishable in the event a data breach occurs or complaint is lodged exposing unacceptable collection, sharing, storage, processing, and/or protection of personal data. As a result, personal data must be opted-in explicitly through an informed consent mechanism in order to collect, store, process, and potentially share data.
So What Does This Mean for Businesses?
The degree of change in services and applications will vary wildly from business to business. Businesses most impacted by GDPR are B2C (business-to-consumer) operations. So think your residential ISP, social networks, Netflix, Amazon, Youtube, etc. - businesses that sell or reach directly to you, the consumer, and not to other companies. B2B (business-to-business) companies, which are generally service providers (of which NocTel is!) are less impacted due to the basis of handling personal data being to provide services and manageability. In B2B relationships, the company receiving services from another is generally responsible for obtaining consent from affected staff to use relevant personal data the service may need since the subscribed services are used for the purpose of business. This places such services under the purview of things such as company Acceptable and Fair Use policies. Personal data tied to staff are also generally limited to data that associates the individual to the organization for the purpose of business.

While GDPR is scoped at EU residents, the ubiquity of digital services on a global scale has made it easier than ever to have just as many foreign customers as domestic. This means the safest bet for most companies is to implement GDPR compliance for all customers regardless of if they are EU residents or not. Unfortunately, with most laws there is always contention over what correct interpretation looks like. With GDPR, the world is left guessing as to how thoroughly and accurately any given company has implemented compliance until an initial series of incidents helps form a notion of precedence of interpretation. The upside is as end users of many services we can expect better handling, control, and transparency over personal data - even if we aren't EU residents.

You can read up on how NocTel handles personal data in the following section and access related relevant resources.
What is NocTel Doing About
Data Privacy and Transparency?
NocTel has made available and continues to work at improving and providing resources to make it clear we take the privacy of your data seriously and are at work ensuring your trust is well deserved. We highly recommend you spend time reading through these materials to become familiar with how data privacy is changing not just for NocTel, but for many companies the world over and likely for you as an end user across possibly many services and systems.

Take a look at:

-Our Updated Privacy Policy
-Updated Terms of Service
-Knowledge Base Guidelines on GDPR Terms
-Technical Blog Discussion on GDPR, Compliance Implementation, and Implications

As always, if you have questions feel free to reach out to us at

This email was sent to <<Email Address>>
why did I get this?    unsubscribe from this list    update subscription preferences
NocTel Communications, Inc. · 3242 NE 3rd Ave # 230 · Camas, WA 98607-2408 · USA

Email Marketing Powered by Mailchimp