As the world becomes increasingly interconnected and people share their data on an unprecedented scale, data protection has become an important topic of debate across the globe. To address this challenge, a new European privacy regulation, the General Data Protection Regulation (GDPR), will come into effect soon. It will affect all business organizations within the European Union (EU) and any organization that handles the data of EU citizens. The new regulation will permanently change the way you collect, store and use customer data, and it brings additional documentation obligations for organizations.
When you use the services of SuperSaaS, you act as a data controller, while we process the data on your behalf as a data processor. It is your responsibility to protect your user’s data in the best possible manner. As a responsible organization we, at SuperSaaS, want to ensure that you have all the right information about the new law and are aware of the necessary steps that you can take within your SuperSaaS account to continue to protect your user’s data. In this post, we explain the new data privacy law and include tips as to how you can keep your SuperSaaS account compliant with the law.
What is the GDPR?
GDPR, the General Data Protection Regulation (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the EU. The new GDPR law also addresses the export of personal data outside the EU.
The GDPR primarily aims to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the rules within the EU. Personal data under the regulation can be anything that identifies a person: a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, a computer’s IP address, etc.
The regulation was adopted on 27 April 2016, and it will become enforceable from 25 May 2018 after a two-year transition period.
Does the GDPR apply to you?
The EU data protection law applies to all local and foreign companies processing data of EU residents.
If you use our appointment scheduling system to store personally identifiable data of European citizens, you may need to take steps to ensure compliance with the new law. The law requires EU member states to impose stiff fines for non-compliance.
What can you do as a SuperSaaS customer?
SuperSaaS is already compliant with the current EU Data Protection Directive that GDPR will be replacing. Some of the steps you can follow on the SuperSaaS platform to comply with the new rules are listed below:
1) You can enforce that users access your schedule using SSL/TLS encryption (https) on the Access Control Page.
2) You can verify who has access to the information in your account on the User Management Page.
3) If you synchronize the data in SuperSaaS with a third party, for example through a webhook, then you may need to verify that the third party is also compliant with the GDPR or disable the link with them (on the Webhooks page).
4) You can specify which customer data should be visible to other users, if any, on the configuration page, “Access” tab. You will also want to test the system as a regular user to verify that it behaves as expected.
5) You may need a Data Processing Agreement (DPA) that meets the requirements of the GDPR. SuperSaaS customers can download a draft Data Processing Agreement to help prepare for next May.
We will continue to ensure your customer’s data stays protected. Our site contains more information on how SuperSaaS is taking steps to comply with GDPR.