TigerVPN is Probably the First VPN to Take GDPR Seriously
We sat down with the team from TigerVPN to talk to them about how they implemented the new GDPR guidelines and why it's important for every VPN company to do so. Share
Q: When did TigerVPN start the process to implement the GDPR guidelines?
We were monitoring the framework development for quite some time and started to take physical actions around late January 2018. GDPR is complex and to be fair, I think we should have even started a bit earlier. It looks easy at first but to get the entire company and all processes ready can quickly add up. You have to dive into every corner of your operation, check suppliers, and visualize processes to fully understand your movement of data.
Q: As a VPN provider, why did you rush to take the lead on the subject?
First of all, we have to – the GDPR deadline is set for May 25th and fines are up to 20 Million Euros or 4% of the annual turnover (whichever is greater). There is a big misconception the GDPR would only affect European based businesses but it actually affects any business (VPN Provider) serving customers within the European Union, regardless where you have your headquarter or business incorporation. Here at TigerVPN, we have always been very transparent with our customers and we decided to take the lead on the GDPR train, to act as good example and also for educational purposes.
Q: What is the educational takeaway from GDPR?
GDPR requires every business to come clean with the data you have about your customer, why you have it and what you do with it. You also need to get consent before you collect any data, allow data exports, and to some extent enable the right to be forgotten. Frankly speaking, it’s most probably one of the biggest changes to the Internet as we know it.
Think of Tinder for example. When you sign up you have to give them access to your friends, interests, pictures, and tons of other personal data about you. You can delete your account but it’s unclear if they actually wipe their hard drives or just simply freeze or archive your account.
With the GDPR in place, you can request a full deletion of data that does not serve any meaningful purpose.
While some data (subject to the laws of the country where the business is operating) – especially related to invoice accounting, tax purpose, billing and other local laws – are exempt, data like your pictures, messages between matches, and your swiping history don’t serve any purpose after you deleted your account and must, therefore, be fully deleted if requested.
We want to reach and educate as many people as we can about that amazing new law, and we see it as a positive change going forward in the entire e-commerce and online service industry
Q: How does the GDPR affect TigerVPN customers?
It will affect both existing and new customers. It’s basically similar to a big red reset button that we push on that day. Existing customers can review their privacy settings and new ones will have to opt-in by default.
Our goal is to provide a self-solve portal for GDPR settings where you can withdraw and give consent as you like. We deal with hundreds of thousands of customers and our support team would not be able to manually perform changes for individual customers. The solution is a simple DIY portal that you can access and make changes on the fly.
Q: What do you think your competitors are doing about GDPR?
I have the feeling everyone is waiting for someone else to be the first one. For us VPNs, GDPR is a big thing and potentially scary to some. For sure the trustworthy VPNs have already started to think or implement their strategy to be GDPR compliant, but obviously, it’s far less exciting than, say, the announcement of a new VPN location.
Thankfully TigerVPN’s business model is to sell subscriptions that pay for the operation of our service. Those VPNs substituting the cost of operation by showing ads or making the personal data of their customers a revenue stream will be heavily affected by the GDPR laws.
Unfortunately, I predict some black sheep in the industry to play the “we don’t store any data so we don’t need to implement the GDPR” card. For quite some time, VPNs could simply hide behind such statements without any repercussion. The few VPNs out there (including TigerVPN) who clearly communicate what data is stored and why will continue to operate business as usual. Those who choose to ignore or downplay the required guidelines are walking on thin ice.
Q: Will you take advantage of the GDPR yourself?
Absolutely! And I hope everyone else will do the same. The EU data privacy law hasn’t been updated for some 20 years. The GDPR can be considered a very late gift, and while it is a pain to implement and comply with, it will serve as a foundation for the safety of all of us online, especially for the next generation.
You can read more about how GDPR affects websites
Click here to learn more about TigerVPN’s services