The GDPR is coming and tudodesk.com is getting ready. If you don't know, Tudodesk is a free, web-based, all-in-one CRM, sales, invoicing and job management software for manufacturers, workshops, repair and restoration centres.
With customers all over the world, we are preparing to adhere to the General Data Protection Regulation (GDPR), which is due to take effect on May 25, 2018.
Nothing is more important to us than the success of our customers and the protection of their personal data on our platform. We want to ensure our vendors and their customers feel safe on our platform, and we welcome this new legislation.
The GDPR extends the privacy rights granted to individuals in the EU and requires companies that process the personal data of European individuals to comply with new regulations.
The GDPR applies to companies that process personal data of European individuals. So whether you have offices in the EU or outside, you are still required to comply. The legislation is not so much about you, it's about the data you process and what you do with it. We’re here to help our customers in their efforts to comply with the GDPR.
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). Created in 2016, the GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens and is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data.
For example, if you have an existing database with customer information and you use that data in some way, say to send marketing material or special offers, or to reach out to generate an inbound lead, you may be in breach of the legislation unless you have specific opt-in permission from the data owner (the individual). Under the new legislation, you need the IP address of the individual, the time and date that the permission was given and explicitly what that permission was. If the permission was to subscribe to a blog or to promotions, that permission must be given by using a "checkbox".
Moving forward, if you use a contact or inquiry form on your website so that you can provide your customers with proposals, you don't necessarily need a checkbox to grant you permission to send a proposal (estimate), to follow up on that proposal, or to provide the service should they order. But if you want to later send promotional marketing material, you would need a checkbox clicked for consent. Furthermore, if you follow up on your proposals, it has to be within a reasonable time frame. If you follow up 3 months later, it could be seen as non-legitimate interest and be categorized as marketing.
The EU General Data Protection Regulation will still apply to UK companies dealing with the EU, regardless of Brexit.
The legislation also talks about how long you should keep the data of individuals. Again using our example of an inquiry or estimate request from your site: if the individual declines your offer, the legislation "sees" no need for you to continue to keep that data in full.
Vendors and data providers also need to provide clear tools so that individuals can see the data held, edit it, export it and remove it.
You also need to make clear your data policies, what happens if there is a data breach, and who the named data protection officer at your company is.
It sounds worse than it possibly is. A lot of the hard work is being done by providers such as Tudodesk and their providers such as Amazon. What you need to do is show "awareness", update your legal documents and ensure your documentation and procedures are up to date to comply.
Yes, Brexit will not save you. The EU General Data Protection Regulation will still apply to UK companies dealing with the EU, regardless of whether the UK remains in the union.
All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.
Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors comply with the necessary regulations and protections.
Additional information is available on the official GDPR website of the European Union.
If you have any additional questions about the GDPR you are welcome to contact us at [email protected].