We (SCRUMPY Ltd) and our customers (you) need to be compliant with GDPR as of May 25th 2018. We've put together an overview of how it all works.
We have been hard at work for the past couple of months making sure we are all GDPR compliant. We've been deploying features, and will continue to deploy them both before and after May 25th, both to satisfy the requirements of GDPR and to make some elements of what it brings a little easier to deal with. Many of the changes we've been making are completely behind the scenes and some are barely noticeable; the vast majority of the work we've been doing is research, documentation and making it easier for our clients to be GDPR compliant.
What do I need to do?
We've tried to make it as easy as possible for you to be GDPR compliant so we've already done a lot for you:
- We've made sure we're GDPR compliant
- We've put together documentation for you that you should have under GDPR
You should ensure you've done the following:
- Read through our Data Processing Addendum (you can request a signed copy if you wish)
Click here to read our Data Processing Addendum
- Evaluated whether the Data Inventory & Data Flow documentation we've put together can be your documentation, or whether it needs modifications to suit your business
Click here to view the Data Inventory & Data Flow documentation
- Read through our Personal Data Security Awareness article and put training in place
Click here to view the Personal Data Security Awareness article
What have you done to make my website GDPR compliant?
We have launched a number of features and we're planning on launching more in the coming months:
- We have switched all 'opt out' fields to 'opt in'.
- We have switched the storage of personal data to be encrypted at rest.
- We will be adding tools to enable you to respond to data erasure and data portability requests within the coming months. In the meantime these requests should be sent to us via firstname.lastname@example.org where we will manually enact them for you.
What's the catch?
When we say GDPR compliant, we mean that behind the scenes we've done everything needed within our knowledge to prepare your website to be GDPR compliant. Your use of the system and your business practices have a large part to play in GDPR compliance, a part that we are not in control of. As such, we highly recommend you educate everyone in your business on GDPR best practices. We recommend you seek legal advice if you have any queries, doubts or concerns about your website or your business's GDPR compliance.
Frequently Asked Questions:
Do I need to email everyone?
It's complicated, but it's not... Everyone who filled in your booking forms and enquiry forms had the option to opt in or opt out of marketing; therefore, you already have recorded consent for these customers. We do, however, allow you to manually add email subscribers. Unfortunately, there is no recorded consent for these subscribers, since it wasn't the customer performing this operation and they didn't have any kind of option to confirm their consent.
We will be adding a tool to enable you to send out a re-consent email to the users you don't have consent for. We will also be adding the ability to ask for consent as part of uploading a list of subscribers.
Is SCRUMPY secure?
Yes, we take every precaution possible, including staff usage of password managers, encrypted storage, NDAs for employees, firewalls, static code analysis, web application security tests and more. For further details email us at email@example.com.
What should I do if I receive a personal data rights related request?
For the moment you should email us at firstname.lastname@example.org and we will facilitate the request for removal, rectification, etc. In the future we hope to offer you the tools to be able to perform these tasks yourself.
What about cookies?
Does my website respect the 'Do Not Track' header?
Not at the moment. We are looking at supporting this; however, it isn't required by law.
I'm concerned about [Facebook / Twitter / Pinterest] being on my website
I don't want [Google Analytics / FullStory] on my website
We're looking at making the inclusion of these tools optional.