GuestViews has run smoothly in the last few months! With the help of our lawyers we made some updates on our interfaces and within our internal organisation to comply with the European Union’s (EU) General Data Protection Regulation (GDPR). This article provides some useful information to understand this new legal framework.
On 25th of May 2018 the GDPR came into effect. The regulation was created to protect personal data and applies to any actors processing personal data for themselves or for third-parties within the EU and the European Economic Area (EEA).
GuestViews is impacted by this new regulation because it collects, processes and stocks the personal data of its users. The same applies to our clients who process their visitors’ personal information on a daily basis thanks to our solution.
NEW OBLIGATIONS
The GDPR includes 3 categories of actors having a role in the processing of personal data:
• The data subject: every visitor will decide if they want to transfer personal data to the GuestViews app.
• The data controller: it is you, our customers who choose to offer the GuestViews app to your visitors, you determine the use of the data collected and its processing.
• The data processor: this means us, GuestViews, who collect and manage data for our own account.
As a data processor, GuestViews has new obligations and we commit to do everything we can to respect these:
• The obligation to transparency and traceability
• The principal of data protection by design and by default
• The obligation to guarantee the protection of processed data
• The obligation to assist, alert and advise
GENERAL PRINCIPALS
The GDPR revolutionises the processing of personal data by reinforcing existing principals and by imposing several new principals including:
• A clear purpose: the data controller must clearly inform the data subject of the use of its personal data when collected.
• An explicit consent: the data subject has to expressly consent (opt-in) for each use of its data defined by the data controller.
• Useful data only: the data controller must only collect data that are strictly necessary for its processing.
• A timeframe for data retention: data can only be retained for the timeframe necessary for the data processor to reach their goal.
OUR ACTIONS
We worked for several months making changes in order for our solution to comply with the GDPR regarding three guidelines:
• Enhancement of our internal organisation (support from specialised lawyers, audit of our internal processes to clearly define our processing and improve our practices in terms of security, appointment of a GDPR referent…)
• Evolution of our legal documents (updating of our terms of services, our privacy policy and of our terms and conditions…)
• Adjustment of our product (revision of our opt-in logic, application of the principal of data minimisation, supervision of our “free comments” section, inclusion of additional information…)
You have probably already noticed some changes on your GuestViews apps or on your dashboard. We will keep on improving our compliance with the GDPR and we will inform you on our next developments in the meantime!
Personal data protection is of great importance to us. If you have any questions on this topic,Agathe is here to reply with the help of Camille, our GDPR referent at GuestViews.