Update from Customer Alliance Regarding GDPR
As you are surely aware by now, the General Data Protection Regulation, better known as GDPR, is coming into effect on the 25th May 2018.
As with any company which comes into contact with personally identifiable information of European citizens, Customer Alliance has been working hard to ensure compliance by this deadline. As a trusted partner to thousands of companies worldwide, we take privacy very seriously and wanted to update you today regarding our progress on this topic and what needs to be done by you.
What Customer Alliance is doing and has done already?
We have implemented a number of changes to our product to ensure compliance with GDPR. Here are the changes we have made:
- Deletion rules for personal data: it is now possible to automatically delete customer data after a set timeframe within your account here. This will result in personal data such as name and email to be automatically removed after the specified timeframe, but the contents of the reviews remaining.
- Removal of personal data: According to GDPR we are required to remove the names of writers for external reviews. This has been completed. You can now see the names of the reviewer of external sites when clicking on the original review link in its original source. Sorry for any inconveniences the additional click causes.
- Updated GDPR data processing agreement and data privacy policy: We have updated our data processing agreement according to GDPR. Our new data privacy policy will come in effect very soon.
- Data protection audit completed: We have completed an external data protection audit to ensure that all our processes, data and tools are GDPR conform.
- Signed internal data privacy policy: All our team members have read and signed our updated internal data privacy policy that ensures the highest possible security and outlines best practices when handling personal data
- TÜV certified data protection officer: we have a new data protection officer Hans-Christian Widegreen supporting Customer Alliance since March 2018. He is TÜV certified and is helping us to comply with all necessary changes. We also have Franziska Freitag as our data protection coordinator. Both are available at dataprotection@customer-alliance.com
- Double opt-in feature: the collection of newsletter subscribers for your database will only be possible after the user has completed the double opt-in process.
Here is what is upcoming:
- IT penetration test: We will move from internal to external IT penetration tests. We will have external companies trying to “hack” us to find possible security loopholes and to further increase the security of your data.
- Inform data protection supervisory authority: We will inform the data protection supervisory authority on May 25th about our new data protection officer and policies.
As Germany (where Customer Alliance is located) already has one of the highest data protection requirements in the EU on businesses, we are already well prepared for the upcoming changes due to GDPR and are fully compliant by the May 25, 2018 deadline.
What do you need to do?
Whilst it is not possible for us to provide legal advice regarding what measure you should take in regards to GDPR, we do recommend to familiarise yourself with the requirements as defined by the European Commission and seek advise of a data protection officer or lawyer, if you feel that it is necessary.
Due to the transfer of personally identifiable information to Customer Alliance through the use of our tool, by law it is required that every customer complete a Data Processing Agreement according to GDPR.
Please fill out the following agreement before May 25, 2018 to ensure that you comply with GDPR.
Login and confirm the new Data Processing Agreement according to GDPR
Best wishes,
Torsten Sabel (COO)