How is SO Connect GDPR compliant?
Many of our customers ask us about our GDPR compliance. This is because a new law will be introduced from the European Union on 25 May 2018, which will have many consequences for owners of consumer data. Local governments have drawn the attention of citizens to the new law on personal data by radio, TV commercials and other means. It’s no surprise that more and more consumers are raising concerns about how their data is handled. This article discusses how SO Connect has prepared itself for the introduction of the new GDPR data law.
What is the GDPR?
The GDPR, or General Data Protection Regulation, is a new European Privacy Act that aims to make the use of personal data by companies more transparent, and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
The new law applies worldwide to all companies and organizations that track and process personal data of European citizens, regardless of whether payment is made for services or products. Personal data may not be stored for too long and the customer must actively give permission to the company to use his or her personal data. If permission is granted, the company may only use the data for the purpose clearly stated in the terms and conditions. It must be easy for the customer to use a service without sharing too much personal data.
How can you ensure that your data can be retained?
Most brick-and-mortar businesses don’t store a lot of data. You can employ data from other companies such as Google and Facebook for marketing purposes. When using standardized advertising options on these platforms you’re making use of data that is in accordance with the legislation. You’re not a controller nor a processor of the anonymized data and the responsibility for compliance lies with these companies.
However, if you have a newsletter that people can subscribe to, or if your guests leave their mail address to make a reservation and you plan to contact them later, you must let the guest know. In this case, you must clearly request permission in advance. You must also provide a straightforward method that guests can follow to unsubscribe from the customer base.
How is SO Connect GDPR compliant?
As a SO Connect customer, you have access to customer data via the logins on your WiFi network. In the SO Connect login portal, we let your visitors know that we’re collecting their data. Our login process has been compliant for months, so you can continue to use the data you’ve collected through SO Connect after the law takes effect.
What do we do to be compliant?
Together with leading privacy lawyers, we have made a number of changes in recent years. The main steps we have taken are the following:
- Renewed login portal with opt-in for explicit permission to use the data.
- Improved privacy policy
- New data breach protocol
- New data security system
- Appointment of an independent Data Privacy Officer
- Removal of all data from users under the age of 16
- Access to unsubscribe page
- Possibility of refusing data sharing
What if my guests have questions about this?
Your guests may have picked up on the new legislation and therefore have questions about how you handle their data. During the login process, we clearly state which data we collect and for what purpose we intend to use it.
For questions about the GDPR and how SO Connect deals with data, please contact privacy@soconnect.io. You can also come here to report alleged abuses and requests to remove data.