The General Data Protection Regulation (GDPR), which will apply from 25 May 2018, creates consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals in the EU.
While many of the principles build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards, and substantial fines. For example, it requires a higher standard of consent for using some types of data and broadens individuals’ rights with respect to accessing and porting their data. It also establishes significant enforcement powers, allowing a company’s supervisory authority to seek fines of up to 4% of global annual revenue for certain violations.
Lucubrate’s commitment & preparation
Data protection is central to the Lucubrate project and owning company.
We comply with current EU data protection law and will comply with the GDPR. Our GDPR preparations are well underway, supported by the largest cross-functional team in Lucubrate’s history.
Our Data Policy will remain the single consolidated place that maps out the ways in which we process people’s personal data, but we’ll also provide education through consent experiences for new and existing users, in-product notifications and consumer education campaigns.
We’ll continue to provide people with control over how their data is used. To build on this, we’re simplifying the design of our privacy settings in a privacy center. We’ll also provide refreshers for people as they use the Lucubrate platform.
We are accountable for our practices and have code of ethics that explain how we think about privacy and running business. We regularly follow up rules and regulation from around the world to keep best practices.