Our plan for GDPR compliance
Privacy and security are two major priorities for our team at Schedugram. As a result (and after a few customer questions), we wanted to share with you some information about our compliance work for the General Data Protection Regulation (GDPR), which comes into effect on May 25.
GDPR is a European Union regulation that requires compliance from all businesses that serve European customers. It mandates a range of protections: for example, services should collect and store the minimum amount of data necessary, and must have processes in place to provide, on request, an export of the data held about an individual in order to facilitate portability.
As an Australian business, we’re already regulated under the Australian Privacy Act (1988), which has many of the same protections that GDPR has – for example, we must comply with mandatory disclosures for data breaches to our local regulator (and of course notify users).
GDPR has some additional requirements, and is prescriptive about language and structure in places that the Australian Privacy Act isn’t. As a result, our plan for GDPR compliance is:
- Improve “privacy by design” in our product
In general, we try not to collect much more information than we need to provide our services to you – nobody wants to fill out forms that have no real purpose! However, there are always areas we can improve, particularly the number of third party tools we use (for example, we use both Mailchimp and Intercom for sending emails). We will confirm that these companies are also GDPR compliant, and shut down accounts with any tools that are no longer really in use.
- Improve team security and privacy training
As a small but growing team, there are always opportunities to improve training and knowledge about best practice in security and privacy principles and processes. We plan to implement training and professional development for our team on an ongoing basis.
If you have any other questions in the meantime, please feel free to send us an email.