The EU introduced important new data privacy legislation called the General Data Protection Regulation (GDPR) which has been in effect since May 25th, 2018. This regulation was introduced to strengthen the privacy rights of EU citizens. We require anybody collecting data on EU citizens to have their EU Citizen Data Privacy Setting enabled.
What constitutes EU citizen data?
EU citizen data is any information collected via an Ona form related to an EU citizen that can be used to directly or indirectly identify that EU citizen. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
It does not include Ona user information. For example, if you are signing up as an EU citizen, or sharing projects with an Ona user that is an EU citizen, you do not need to have GDPR-compliant forms. Furthermore, only the organization or personal account containing the forms collecting data on EU citizens must be a GDPR-compliant account.
Why does Ona need to know?
The GDPR is meant to protect personal data and how organizations process, store, and destroy this data. It applies to anyone collecting data on EU citizens (even inadvertently) and threatens steep financial penalties for non-compliance.
The security and privacy of our users and the data they collect have always been our top priority, and we are fully committed to complying with the GDPR.