Many of you will be aware that the European Union is rolling out a new General Data Protection Regulation (GDPR) on May 25, 2018. GDPR is a great step forward in ensuring that all of our personal data is handled responsibly and in accordance with individual wishes.
The team at RealVNC is very positive about GDPR and we wholeheartedly support the privacy objectives of this new regulation.
To meet the May 2018 deadline, we have been working for more than a year to ensure that every part of our organization is aligned with our compliance obligations.
As with all new regulations, it is necessary to deploy new procedures and GDPR is no different. One area in particular that impacts some Raspberry Pi users of our VNC Connect remote access software is the restriction on holding the personal data of minors. Under the terms of this new regulatory framework, we are no longer able to collect or process data from people under 16 years of age.
Creating a new RealVNC account
Going forward, this age consideration will be addressed by our account creation process. People creating a new RealVNC account in order to use our VNC Connect cloud-brokered connectivity service will now be asked to confirm that they are over 16 years old. If they are under 16 years old, a parent or legal guardian will be required to create the account using their own registration information.
Changes to existing RealVNC accounts
For existing account holders it’s a bit trickier since we never asked for age information in the past. This means that we will soon be sending out emails to all account holders that have Raspberry Pi devices registered within their VNC Connect teams. All these people will be asked to disclose if they are over the age of 16. Accounts will remain active for those people that verify they are over 16. If they are under 16, the existing account will be deactivated and a new account will need to be created using registration details from a parent or guardian.
VNC Connect users without a RealVNC account
To use the cloud-brokered connection capability of VNC Connect, you must create a RealVNC account. If, however, you are only need to make direct connections (device to device), no cloud-brokered connectivity is required and so there is no need to create a RealVNC account. These users will see absolutely no change because RealVNC holds no information on these users. They will not receive an email from RealVNC regarding this issue and can continue to connect directly without interruption. If in the future these users would like to add cloud-brokered connectivity to their Raspberry Pi, they can create a new RealVNC account provided they are over 16 years old.
RealVNC compliance obligations
For RealVNC to comply with our GDPR obligations, all accounts created by minors, or those accounts that do not respond to our emails, will be deactivated and all personal registration data will be destroyed. While this may sound dramatic, creating a new RealVNC account is a simple process that only takes a few minutes and any inconvenience is far outweighed by the increased data protection afforded by GDPR for individuals under 16.
While meeting the new GDPR compliance obligations has been a lot of work for the RealVNC team, I want to reinforce how positive we all are about the increased level of personal privacy that GDPR is helping us all to achieve. Privacy and security is of paramount importance to the design of our software and the quality of our business processes, and I hope you will agree with us that the increased privacy afforded by GDPR is well worth the new processes.