GDPR Overview

We (SCRUMPY Ltd) and our customers (you) need to be compliant with GDPR as of May 25th 2018. We've put together an overview on how it all works.

In this article

Don't panic

We have been hard at work for the past couple of months making sure we are all GDPR compliant. We've been deploying features and will continue to deploy features both before and after May 25th to both satisfy the requirements of GDPR and make some elements of what it brings a little easier to deal with. Many of the changes we've been making are completely behind the scenes, some are barely noticeable, the vast majority of the work we've been doing is research, documentation and making it easier for our clients to be GDPR compliant.

What do I need to do?

We've tried to make it as easy as possible for you to be GDPR compliant so we've already done a lot for you:

  • We've made sure your website is GDPR compliant & have put a privacy policy in place for you
  • We've made sure we're GDPR compliant
  • We've put together documentation for you that you should have under GDPR

You should ensure you've done the following:

What have you done to make my website GDPR compliant?

We have launched a number of features and we're planning on launching more in the coming months:

  • We have switched all 'opt out' fields to 'opt in'.
  • We added a detailed cookie policy to your site.
  • We have switched the storage of personal data to be encrypted at rest.
  • We have launched the 'Privacy & GDPR' section in your admin from where you can customise your privacy policy.
  • We will be adding tools to enable you to respond to data erasure and data portability requests within the coming months. In the meantime these requests should be sent to us via where we will manually enact them for you.

Where is your privacy policy?

Our privacy policy will be available to view shortly at In the meantime you can request a copy by emailing

Whats the catch?

When we say GDPR compliant we mean that behind the scenes we've done everything needed within our knowledge to prepare your website to be GDPR compliant. Your use of the system and your business practices have a large part to play in GDPR compliance, a part that we are not in control of, as such we highly recommend you educate everyone in your business on GDPR best practices. We recommend you seek legal advice if you have any queries, doubts or concerns about your website or your businesses GDPR compliance.

Frequently Asked Questions:

Do I need to email everyone?

Its complicated, but its not... Everyone who filled in your booking forms and enquiry forms had the option to opt in or opt of marketing, therefore, you already have recorded consent for these customers. We do however, allow you to manually add email subscribers, unfortunately there is no recorded consent for this since it wasn't the customer performing this operation and they didn't have any kind of option to confirm their consent.

We will be adding a tool to enable you to send out a re-consent email to the users you don't have consent for. We will also be adding the ability to ask for consent as part of uploading a list of subscribers.

Is SCRUMPY secure?

Yes, we take every precaution possible including staff usage of password managers, encrypted storage, NDA's for employees, firewalls, static code analysis, web application security tests and more. For further details email us at

What should I do if I receive a personal data rights related request?

For the moment you should email us at and we will facilitate the request for removal, rectification, etc. In the future we hope to offer you the tools to be able to perform these tasks yourself.

What about cookies?

We've massively improved the cookie policy that we put in place on your website and we're showing a notice about cookies when a visitor arrives from an EU country. We hope to improve our cookie handling so that users can more selectively opt-out of cookies without affecting their usage of essential site features.

Does my website respect the 'Do Not Track' header?

Not at the moment, we are looking at supporting this however, it isn't required by law.

I'm concerned about [Facebook / Twitter / Pinterest] being on my website

Don't worry, we don't like it either and we have a plan so that we're only including the Javascript from social network's where you've explicitly asked us to (e.g. Facebook Pixel), namely we will be replacing the like/tweet/etc buttons with our own to avoid having social networks tracking your customers.

I don't want [Google Analytics / FullStory] on my website

We're looking at making the inclusion of these tools optional.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us