GuestViews has worked well in the last few months! With the help of our lawyers, we updated our interfaces and our internal organisation to comply with the new GDPR. This article gives you some useful information to understand this new legal framework.
The GDPR came into effect on the 25th of May 2018. The Regulation was created to protect personal data. It applies to any actor processing personal data on its own account or for third parties in the European area.
GuestViews, because it collects, processes and stores personal data of users of the apps, is impacted by this new regulation. This is also the case for our clients, who process information on their visitors on a daily basis thanks to our solution.
The GDPR includes 3 categories of actors having a role in the processing of personal data:
• The data subject: every visitor will decide if they want to transfer personal data to the GuestViews app.
• The data controller: it is you, our customers, who choose to offer the GuestViews app to your visitors; you determine the use of the data collected and its processing.
• The data processor: this is us, GuestViews, which collects and manages data for our own account.
As a data processor, GuestViews has new obligations that we commit to doing everything we can to respect:
• The obligation of transparency and traceability
• The principle of data protection by design and by default
• The obligation to guarantee the protection of processed data
• The obligation to assist, alert and advise
The GDPR revolutionises the relation to the processing of personal data by reinforcing existing principles and by imposing several new principles including:
• A clear purpose: the data controller must clearly inform the data subject of the use of their personal data when it is collected.
• An explicit consent: the data subject has to expressly consent (opt-in) to each use of their data defined by the data controller.
• Useful data only: the data controller must only collect data that are strictly necessary for its processing.
• A timeframe for data retention: data can only be retained for as long as the data processor needs to reach its goal.
We worked for several months to make our solution comply with the GDPR along three guidelines:
• Enhancement of our internal organisation (support from specialised lawyers, audit of our internal processes to clearly define our processing and improve our practices in terms of security, appointment of a GDPR referent…)
• Adjustment of our product (revision of our opt-in logic, application of the principle of data minimisation, supervision of our “free comments” section, inclusion of additional information…)
You have probably already noticed some changes on your GuestViews apps or on your dashboard. We will keep on improving our compliance with the GDPR and we will inform you of our next developments!