Back to Blog

GDPR – Basic info

January 2, 2018 | Vladimir Sandera | Smartsupp

GDPR (or the General Data Protection Regulation) is a new directive from the EU that affects how companies collect and process their customers’ personal data. GDPR will come into effect on May 25, 2018, by which point all businesses in the EU have to become compliant. This article covers the steps we are taking in order to comply with GDPR rules and will hopefully answer any questions you might have.

As Smartsupp is located in the EU, we will be (and have to be) compliant with GDPR by May 2018. All of our data is stored on servers in the EU, and majority of our customers are located in the EU, so we are fully focused on being GDPR compliant. GDPR’s main purpose is to standardize personal data processing and privacy protection across EU member states, but many of the points GDPR raises are actually already in place in some EU countries.

If you have any questions about GDPR itself, you can find out detailed info here. It’s especially useful to read through the FAQ and see what constitutes personal data under GDPR. There are many other topics covered, as well.

What Is Smartsupp Doing to Prepare for GDPR?

We are already consulting with GDPR lawyers, and we’ve taken the first steps to become GDPR compliant. Here’s a list of things we are working on, all of which will be done before GDPR comes into effect:

  • An internal audit of how we handle the personal data of our customers and their customers — the audit will cover in detail what kind of personal data we process, where that data is stored, and what employees have access to it
  • An update of our Privacy Policy and Terms & Conditions
  • A new interface to enable you (our customer) to list all the personal data we store about your customer XYZ (for example), in case customer XYZ will ask you to tell them what personal data you have stored about them — you will also be able to delete this data in case customer XYZ asks you to
  • Further necessary adjustments to Smartsupp so it fully complies with GDPR

Does GDPR Apply to My Use of Smartsupp?

GDPR affects all businesses and entities in EU that process or store personal data. So the answer to that question depends on whether you collect personal data of your visitors or customers in Smartsupp. As your customers might send you their personal information in chat, you most probably do.

It’s good to mention that your use of Smartsupp is still completely legal under GDPR if you collect personal data of customers through Smartsupp (e.g. name or email). In this case you need to make sure you take the steps described below.

What Steps Do I Need to Take as a Smartsupp Customer?

The first thing you should do is notify your customers and visitors that their personal data might be processed by third parties, including Smartsupp. We recommend you to add following text to your Privacy Policy or Terms & Conditions (full name and VAT ID of our company needs to be included):

“Your personal data might be collected by us or 3rd parties, such as Smartsupp.com, s.r.o., VAT ID CZ03668681”.

GDPR sets a new legal structure for personal data governance. From a legal point of view, you are a Data Controller of any and all personal data of your customers or visitors, and Smartsupp is a Data Processor of that data on your behalf. This means that you collect your customers’ personal data and are responsible for it. By using Smartsupp, you pass that personal data to us for processing, but you are still the “controller” of that data. You should update your Privacy Policy and Terms & Conditions to reflect this. You can find more info on Data Controllers and Data Processors here.

When GDPR comes into effect, you will be obligated to show your customers what kind of personal data you collect about them if they ask. As mentioned above, we are preparing an interface where you will be able to pull the data we collect about each individual customer of yours, and you will be able to delete this data in case your customer requests it.

We recommend you consult GDPR with a lawyer in your country to make sure you are compliant. For any legal questions regarding GDPR in connection to Smartsupp, or if you believe some information in this article is incomplete or incorrect, you can contact me at vladimir@smartsupp.com