Our plan for GDPR compliance

Posted in Schedugram features on May 8, 2018

Privacy and security are two major priorities for our team at Schedugram. As a result (and after a few customer questions), we wanted to share some information about our compliance work for the General Data Protection Regulation (GDPR), which comes into effect on May 25.

GDPR is a European Union regulation that requires compliance by all businesses that serve European customers. It mandates a range of protections: for example, services should use and store the minimum amount of data possible, and should have processes in place to provide, on request, an export of the data held about an individual to facilitate portability.

As an Australian business, we’re already regulated under the Australian Privacy Act (1988), which has many of the same protections that GDPR has – for example, we must comply with mandatory disclosures for data breaches to our local regulator (and of course notify users).

GDPR has some additional requirements, and is prescriptive about language and structure in places that the Australian Privacy Act isn’t. As a result, our plan for GDPR compliance is:

  1. Review and update our Privacy Policy and Terms of Service
    We will update our privacy policy and terms of service to add GDPR-specific information and guidance. This will include consideration of the GDPR “Model Clauses” for the data that we process on your behalf. We’ll let you know as soon as the new policy/terms are available. Our UK legal team is currently working on this.
     
  2. Improve “privacy by design” in our product
    In general, we try not to collect much more information than we need to provide our services to you – nobody wants to have to fill out forms that have no real purpose! However, there are always areas that we can improve, particularly in the number of third-party tools that we use (for example, we use both Mailchimp and Intercom for sending emails). We will verify that these companies are also GDPR compliant, and shut down our accounts with any that aren’t really in use anymore.
     
  3. Improving team security and privacy training
    As a small but growing team, there are always opportunities to improve training and knowledge about best practice in security and privacy principles and processes. We plan to implement training and professional development for our team on an ongoing basis.
     

We are committed to ensuring our customers can feel safe and confident that Schedugram protects their privacy and data security at all times. We’ll send you an email as soon as we have updated our Privacy Policy and Terms of Service.

If you have any other questions in the meantime, please feel free to send us an email.
