What’s the GDPR?
The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It will come into force on 25th May 2018.
The full text of the GDPR can be found here.
Does the GDPR apply to me?
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
How is Flashchat preparing for the GDPR?
Flashchat is focused on GDPR compliance efforts. We are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with the applicable law by the 2018 deadline while continuing to move fast and build great products.
Here are the main things we’re doing:
We’re updating our Data Processing Agreements (DPAs)
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Flashchat and our customers to meet GDPR requirements. This is available for customers to sign upon request.
We’re coordinating with our vendors
We’re reviewing our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
We’re taking new security measures
Security is a priority for us and we have a dedicated security team. We have regular external vulnerability scans and penetration tests.
We’ll keep sharing information on our progress, and we’ll also help ensure our customers and prospective customers are compliant. Some steps you can take are:
- Get familiar with the GDPR requirements and how they affect your company.
- Review how you process and store data.
- Consider how you can leverage Flashchat to help with your GDPR compliance.
- Chat with your lawyer about what your company needs to do.
We’re building new features
Our team is building features needed to ensure we, and our customers, meet the GDPR obligations.
Download Users’ data
A new feature will be available soon which will enable any chatbot Admin to download personally identifiable information gathered in conversations with any individual user. So if any of your users request a copy of their data, you will be able to send it to them in a format which will be easy to access, read, and analyze.
Delete Users’ data
- A new feature will be available soon to help you manually administer your subscribers’ data.
- Deleted data can include Facebook profile information, any custom fields, tags, email addresses, phone numbers, etc.
Shared data with 3rd parties
If the subscriber’s data was exported to a 3rd party app you will also be responsible for deleting their data from the 3rd party app, and notifying your subscriber that you’ve done so.
Data from unsubscribed users
The law stipulates new best practices for data retention. To help your business maintain GDPR compliance, Flashchat will start automatically removing personal data from subscriber profiles 90 days after they unsubscribe from your service.
After 90 days, the personal data associated with somebody who unsubscribed will no longer be available via Flashchat to you, or to 3rd party applications.
Feel free to reach out to us if you have any questions about the GDPR: firstname.lastname@example.org