GDPR Awareness Notice

Learn how Tudodesk.com is getting ready for GDPR
Posted by Martin Webb.

The GDPR is coming and Tudodesk.com is getting ready. If you don't know, Tudodesk is free, web-based, all-in-one CRM, sales, invoicing and job management software for manufacturers, workshops, repair and restoration centres.

With customers all over the world, we are preparing to adhere to the General Data Protection Regulation (GDPR), which is due to take effect on May 25, 2018.

Nothing is more important to us than the success of our customers and the protection of their personal data on our platform. We want to ensure our vendors and their customers feel safe on our platform, and we welcome this new legislation.

The GDPR extends the privacy rights granted to individuals in the EU and requires companies that process the personal data of European individuals to comply with new regulations.

The GDPR applies to companies that process personal data of European individuals. So whether you have offices in the EU or outside, you are still required to comply. The legislation is not so much about you, it's about the data you process and what you do with it. We’re here to help our customers in their efforts to comply with the GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). Created in 2016, the GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens and is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data.

OK, so what does this mean in simple terms?

For example, if you have an existing database with customer information and you use that data in some way, say to send marketing material or special offers, or to reach out to generate an inbound lead, you may be in breach of the legislation unless you have specific opt-in permission from the data owner (the individual). Under the new legislation, you need the IP address of the individual, the time and date that the permission was given and explicitly what that permission was. If the permission was to subscribe to a blog or to promotions, that permission must be given by using a "checkbox".

Moving forward, if you use a contact or inquiry form on your website so that you can provide your customers with proposals, you don't necessarily need a checkbox to grant you permission to send a proposal (estimate), to follow up on that proposal, or to provide the service should they order. But if you want to later send promotional marketing material, you would need a checkbox clicked for consent. Furthermore, if you follow up on your proposals, it has to be within a reasonable time frame. If you follow up 3 months later, it could be seen as non-legitimate interest and be categorized as marketing.

The EU General Data Protection Regulation will still apply to UK companies dealing with the EU, regardless of Brexit.

The legislation also talks about how long you should keep the data of individuals. Again using our example of an inquiry or estimate request from your site, if the individual declines your offer, the legislation "sees" no need for you to continue to keep that data in full.

Vendors and data providers also need to give clear tools so that individuals can edit the data held, see the data held, export the data and remove it.

Companies are also required to have clear documentation about the data they hold, where they hold it, and which other services make use of that information. For example, if you share data with, say, Google Analytics, MailChimp, or a Chat Widget, you would need to make that clear to your customers in your privacy policy.

You also need to make your data policies clear, including what happens if there is a data breach and who the named data protection officer at your company is.

This sounds complicated. Is it?

It sounds worse than it possibly is. A lot of the hard work is being done by providers such as Tudodesk and their providers such as Amazon. What you need to do is show "awareness", update your legal documents and ensure your documentation and procedures are up to date to comply.

If you are in the UK, do you still need to comply, even after Brexit?

Yes, Brexit will not save you. The EU General Data Protection Regulation will still apply to UK companies dealing with the EU, regardless of whether the UK remains in the union.

When are these regulations starting to be enforced?

All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.

What is Tudodesk doing about this?

Tudodesk will be compliant to the extent required on or before May 25, 2018.

Does the GDPR prevent a company from storing data outside of the EU?

Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors comply with the necessary regulations and protections.

How is Tudodesk preparing for GDPR compliance?

We have been analyzing the requirements of the GDPR and are working to make enhancements to our product, terms of service, privacy policy, and documentation so that we can become compliant.

Where can I learn more about GDPR?

Additional information is available on the official GDPR website of the European Union.

If you have any additional questions about the GDPR you are welcome to contact us at [email protected].

By Martin Webb

Founder/CEO at Tudodesk

I'm a tech nomad entrepreneur with more than 35 years' experience in start-ups, development and coffee.
