GDPR (or the General Data Protection Regulation) is a new directive from the EU that affects how companies collect and process their customers’ personal data. GDPR will come into effect on May 25, 2018, by which point all businesses in the EU have to become compliant. This article covers the steps we are taking in order to comply with GDPR rules and will hopefully answer any questions you might have.
As Smartsupp is located in the EU, we will be (and have to be) compliant with GDPR by May 2018. All of our data is stored on servers in the EU, and majority of our customers are located in the EU, so we are fully focused on being GDPR compliant. GDPR’s main purpose is to standardize personal data processing and privacy protection across EU member states, but many of the points GDPR raises are actually already in place in some EU countries.
If you have any questions about GDPR itself, you can find out detailed info here. It’s especially useful to read through the FAQ and see what constitutes personal data under GDPR. There are many other topics covered, as well.
We are already consulting with GDPR lawyers, and we’ve taken the first steps to become GDPR compliant. Here’s a list of things we are working on, all of which will be done before GDPR comes into effect:
- An internal audit of how we handle the personal data of our customers and their customers — the audit will cover in detail what kind of personal data we process, where that data is stored, and what employees have access to it
- A new interface to enable you (our customer) to list all the personal data we store about your customer XYZ (for example), in case customer XYZ will ask you to tell them what personal data you have stored about them — you will also be able to delete this data in case customer XYZ asks you to
- Further necessary adjustments to Smartsupp so it fully complies with GDPR
GDPR affects all businesses and entities in EU that process or store personal data. So the answer to that question depends on whether you collect personal data of your visitors or customers in Smartsupp. As your customers might send you their personal information in chat, you most probably do.
It’s good to mention that your use of Smartsupp is still completely legal under GDPR if you collect personal data of customers through Smartsupp (e.g. name or email). In this case you need to make sure you take the steps described below.
“Your personal data might be collected by us or 3rd parties, such as Smartsupp.com, s.r.o., VAT ID CZ03668681”.
When GDPR comes into effect, you will be obligated to show your customers what kind of personal data you collect about them if they ask. As mentioned above, we are preparing an interface where you will be able to pull the data we collect about each individual customer of yours, and you will be able to delete this data in case your customer requests it.
We recommend you consult GDPR with a lawyer in your country to make sure you are compliant. For any legal questions regarding GDPR in connection to Smartsupp, or if you believe some information in this article is incomplete or incorrect, you can contact me at firstname.lastname@example.org