Many of the clients and freelancers registered on Upwork may be wondering how we’re handling the upcoming GDPR compliance. Upwork’s Legal and Information Security and Privacy teams have carefully analyzed the new regulation and are undertaking the necessary steps to ensure that we comply. As always, we value you and your confidence in sharing personal data with Upwork. We treat your privacy with extreme seriousness and we will meet the requirements of GDPR by its deadline, May 25, 2018.
The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in the last 20 years. GDPR gives EU residents more clarity and control over how their personal data is used. Personal data is anything that can directly or indirectly identify a person, such as a photo, name, bank details, medical information, computer IP address, and so on. This European-wide law replaces the 1995 Data Protection Directive 95/46/EC.
Increased scope
The regulation applies to any business, whether it’s located in the EU or not, that processes personal data of EU residents. It also places additional obligations on companies and grants additional privacy rights to EU residents.
Legitimacy to process personal data
Companies can directly market to customers based on a legitimate interest. For organizations that don’t have a legal basis, the company can obtain the customer’s consent. Under the new regulation, obtaining and documenting consent requires more effort as EU residents must provide explicit consent. What’s more, it should be just as easy and straightforward to give consent, as it is to withdraw it.
GDPR goes into effect on May 25, 2018. It will affect all Upwork clients and freelancers who reside in the EU. On or around the May 25th GDPR effective date, both EU and non-EU residents will need to consent to the revised Privacy Policy that will appear on Upwork’s website. New users residing in the EU will also have the choice to opt-in to receiving marketing emails.
GDPR and your business
If you have or may have EU-based clients, or you process or may process personal data of EU-based individuals, it’s a good idea to familiarize yourself with the GDPR. Know what rights the regulation grants EU-based individuals, and the obligations it places on your business. It may benefit you to identify potential issues and discuss requirements with a client or potential client, before starting a project.
If you are likely to process EU-based individuals’ personal data for a client, consider taking the Data Protection Self-Assessment offered by the UK Information Commissioner’s Office.
As always, protecting your information is extremely important to Upwork. Although the GDPR requires a few changes, we see the new regulation as a positive way to enhance services for Upwork users who reside in the EU.
This site is intended to provide helpful guidance to customers on the GDPR and not as a comprehensive solution or legal advice. Each business should undertake their own steps to ensure compliance.