Whitespark takes data privacy very seriously, and we view the GDPR as an opportunity to enhance our commitment to data protection for the benefit our customers.
In effect from 25 May 2018, Reputation Builder will Process Personal Data in accordance with GDPR requirements. gdpr.eu
1) Does GDPR affect me and my business?
If you have customers in the EU or plan to have customers in the EU – then yes.
2) My Business is not not based in the EU – do I need to be GDPR compliant?
Any business that collects, processes or handles data from the EU will need to comply with the GDPR regardless of whether they are physically located within the EU.
This said, we are not able to provide legal advice and highly recommend that you refer to your legal counsel or an applicable data supervisory authority for full details on whether you will need to comply to the GDPR.
You may find the following two resources helpful.
- EDPS.EU
3) If Reputation Builder is GDPR compliant, does this also mean that my business is GDPR compliant because we are a Reputation Builder client?
All data you collect using Reputation Builder via Kiosk Mode and Unique Feedback URL is GDPR compliant as of May 25, 2018.
However, we cannot confirm that any customer data collected and processed outside of our platform and prior to importing into Reputation Builder is GDPR compliant.
In other words: If “you” upload a customer list or add a customer manually we cannot confirm that “you” obtained GDPR compliant customer permission first.
4) What should I do about my legacy contacts?
New and explicit permission will have to be obtained before sending emails or text messages to your legacy contacts using Reputation Builder “unless” you have record of their consent to receive such communication from you.
Checklist:
#1) Check your workflow, signup and other processes to ensure that all customer information and data is in compliance with the GDPR.
#2) Check your privacy policies, terms of service and other publicly visible pages detailing your service to ensure that you are transparent about collecting, sharing and usage of your customer data.
#3) Your customers have the right to know how their personal data is being processed. Clearly define all processing activities by you and disclose any third parties processing on your behalf.
#4) Check your forms to ensure the above mentioned information is available and provided when collecting new customer information.
5) Where does Reputation Builder store and process data?
Reputation Builder stores data in its secure AWS data centers in the United States (US).
6) Does GDPR apply to UK Businesses?
Until March of 2019, the UK remains an EU member state, so GDPR compliance applies to business based in the UK, or those collecting and processing data from the UK.
7) Does Reputation Builder offer a Data Processing Agreement?
GDPR law specifies that the Controller (you) is responsible for Data Processing Agreements (DPA) with third party processors you may use.
8) I have further questions about Reputation Builder and GDPR
We are happy to answer any questions you may have. Please email us at [email protected]