Schedugram’s Plan for GDPR Compliance

Privacy and security are two major priorities for our team at Schedugram. As a result (and after a few customer questions), we wanted to share with you some information about our compliance work for the General Data Protection Regulation (GDPR) that comes into effect on May 25.

Update: We have updated our privacy policy and have a DPA available for customers to sign. Please see the bottom of our Terms of Service.

GDPR is a European Union regulation that requires compliance by all businesses that service European customers. It sets out a range of protections: for example, services should use and store the minimum amount of data possible, and should have processes in place to provide an export of the data held about an individual on request, to facilitate portability.

As an Australian business, we’re already regulated under the Australian Privacy Act (1988), which has many of the same protections that GDPR has – for example, we must comply with mandatory disclosures for data breaches to our local regulator (and of course notify users).

GDPR has some additional requirements, and is prescriptive about language and structure in places that the Australian Privacy Act isn’t. As a result, our plan for GDPR compliance is:

1. Review and update of our Privacy Policy and Terms of Service

We will update our privacy policy and terms of service to add GDPR specific information and guidance. This will include consideration for the GDPR “Model Clauses” for the data that we process on behalf of you. We’ll let you know as soon as the new policy/terms are available. Our UK legal team is working on this presently.

2. Improve “privacy by design” in our product

In general, we try not to collect much more information than we need to provide our services to you – nobody wants to have to fill out forms that have no real purpose! However, there are always areas that we can improve, particularly in the number of third-party tools that we use (for example, we use both Mailchimp and Intercom for sending emails). We will check that these companies are also GDPR compliant, and shut down our accounts with any that aren’t really in use anymore.

3. Improving team security and privacy training

As a small but growing team, there are always opportunities to improve training and knowledge about best practice in security and privacy principles and processes. We plan to implement some training and professional development for our team on an ongoing basis.

We are committed to ensuring our customers can be confident and safe that Schedugram protects their privacy and data security at all times. We’ll send you an email as soon as we have updated our Privacy Policy and Terms of Service.

If you have any other questions in the meantime, please feel free to send us an email.

Hugh Stephens

Hugh runs Schedugram, and has strong opinions about the future of the social media space.

2 comments

  1. I would like to know where you keep the data. We are focused because of GDPR on if the data stays in EU? Do you have an office in EU that keeps the data?
    Yours sincerely Mette Mahler

    1. Hi Mette

      Thanks for the comment – we just updated the post above. Per our legal advice from our UK legal team, we have a DPA available for EU customers who need GDPR compliance; it is available for you to sign at the bottom of our terms of service at https://schedugr.am/terms-of-service/

      We store data in various locations, primarily on Amazon Web Services’ servers in both the US and EU/UK (and some content is deployed through a content delivery network). More information is in our updated privacy policy at https://schedugr.am/privacy-policy/.

      Any other questions, feel free to reach out to support via email @ [email protected].

      Thanks
