Utility

GDPR – what is it and do we need to be concerned about it?

By Gary Sanders | May 29, 2018

If you’re anything like me, you’ve been inundated with emails over the last few weeks with privacy policy updates from what seems like every site you’ve ever visited. Of course, this isn’t a random occurrence – it is related to the GDPR becoming effective last week.

I recently received an email from a newsletter subscriber asking if I had any information about the GDPR and compliance by local governments. This newsletter is a more in-depth response to what I replied to her.

DISCLAIMER: I am not an attorney and the information here is not intended to serve as legal advice. If you have legal questions concerning compliance with the GDPR, please consult with your attorney. This also is targeted at utilities outside the European Union, specifically in the United States. If your utility is located within the European Union, this may not apply.

What is the GDPR?

GDPR is an acronym for General Data Protection Regulation. The GDPR was passed by the European Union (EU) on April 14, 2016 with an implementation date of May 25, 2018, after which organizations found to be out of compliance can be fined.

The GDPR deals with safeguarding personally identifiable information (PII) and applies to organizations inside and outside the EU. According to the official GDPR website, it applies to “a company established outside the EU offering goods/services (paid or for free) or monitoring the behavior of individuals in the EU.”

Do we need to worry about the GDPR?

The above cited website goes on to explain that the GDPR does not apply if “your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.” Clearly, utilities target their services at customers who live or own property within their service area, not based on where the customer resides.

This article from Government Technology clarifies the issue even better, explaining that, even if your utility has customers who reside in the EU, information you collect for online bill pay or applying for service, for example, would not be subject to the GDPR.

Still responsible for PII of your customers

Of course, this doesn’t mean you have no responsibility for safeguarding personal information of your customers, only that, if my interpretation is correct, you aren’t subject to fines for violating the GDPR.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

GDPR – what is it and do we need to be concerned about it?

Related Articles

Edmunds GovTech Case Studies: A Glance into Enhancing Local Government Operations

Eliminating Needless Days of Exposure

Could Your Office Benefit from a Calm Cubicle?