The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens’ data. It will take effect from May 2018.
At PeakCommerce we worked hard to prepare for GDPR to ensure that we fulfill its obligations and maintain our transparency about how we process data. We've now completed our GDPR readiness program.
Here is an overview of GDPR and how we prepared for it at PeakCommerce:
What is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules which governs the processing and monitoring of EU data.
Does it affect me?
Yes, most likely. If you hold or process the data of any person in the EU, GDPR will apply to you whether you are based in the EU or not.
What PeakCommerce is doing
Making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations, and to assist our clients to do likewise, is an integral part of how we operate on a daily basis. We see GDPR as affording us yet another opportunity to continue our tradition of protecting and giving you more control over both your organizational and personal data.
Here are the main areas we have addressed to ensure we and our clients are ready to meet GDPR obligations:
We built new features
Our teams built the necessary features to enable our clients to easily meet their GDPR obligations.
You can edit the Terms and Privacy Policies for your customer portal or link to the policies on your main website.
When relying on consent as your legal basis for processing, the GDPR says the consent you obtain must be freely given, specific, informed, and unambiguous. You also must clearly explain how you plan to use their personal data. We’ve updated the member signup process to help you stay compliant with this law. You can enable a checkbox for opt-in consent and edit the message to explain how and why you are using data.
To comply with a user's request for a copy of their data, a new function has been added to the Administration console. Go to Admin > Users, locate the user and expand their details. Under Data Privacy, select Export User Data.
Right to Erasure (Right to be Forgotten)
To comply with a user's request to be deleted/forgotten, you can fully delete the member and all of their data. This function can be accessed directly from the Administration console.
We updated our Data Processing Agreement (DPA)
Strong data protection commitments are a key part of GDPR requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for PeakCommerce and our clients to meet GDPR requirements. This is available for clients to sign upon request.
We coordinated with our vendors
We are reviewing all our vendors, assessing their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
We will continue to share information on our progress and help our clients and prospective clients be compliant. Some steps you can take:
- Get familiar with the GDPR requirements and how they affect your company.
- Map out everywhere you process data and carry out a gap analysis.
- Look at your portal plans and think about privacy when you’re creating e-commerce experiences or making changes and updates to your existing portals.
- Discuss with your legal counsel what your company needs to do.
- Keep an eye on the developing guidelines from the GDPR Article 29 Working Party.
Feel free to contact us if you have any questions about GDPR; we’d be happy to answer them.