Blog

iVvy Making GDPR Compliance Easy

Posted by on 21 May 2018 | Comments

Tags: ,

The new General Data Protection Regulation out of Europe requires businesses to meet additional obligations for their data security and individual privacy.

As part of these new laws, all businesses (whether they are from within the EU or not), will need to implement a range of enhanced protection procedures when dealing with individual data in the European Union.

This will impact both the organisations like iVvy who are the “Data Processors”, as well as your company, the “Data Controller”.

What are your responsibilities?

As a data controller, you have a range of responsibilities. Those in relation to your use of the iVvy software are:

Contractual Necessity – The idea is that you shouldn’t be collecting information that isn’t necessary for you to provide your service. Your Privacy Policy and Terms & Conditions should detail what you are collecting and what the intended use of the data is.

Consent – You will be required to obtain consent to collect personal information and outline what you intend to do with the information. For instance, you cannot collect email addresses for registrations for an event and then use those email addresses for marketing additional events, unless you have had prior consent to future marketing.

Right To Be Forgotten – You will also need to allow for someone to have their information removed from your system and implement a process which will manage these requests. This will need to be detailed in your Privacy Policy.

Access – You are required to provide an individual with copies of the data your store on them.

Data Security – The data needs to be stored in secure systems, like iVvy.

Transfer of Data – There are some laws that prohibit whether you can transfer the data outside of the EU.

iVvy’s Commitment & Preparation

As a Data Processor, in order for iVvy to meet its obligations and to assist you in meeting yours, we have already released, and will be releasing a range of additional features prior to the commencement of the law on the 25th of May, 2018.

These are the new features you will have access to within iVvy:

For event websites:

  • Cookie Usage Notification – you will have the option to turn on a notification that your website has cookies enabled, if you are using visitor tracking technology like Google Analytics.

  • Privacy Policy and Terms & Conditions – iVvy has already established an area where you can add your T&Cs and Privacy Policy. These are automatically added to the website footers, and will display an additional notification on the first step of the registration process so that the user can accept your terms.

Individual Privacy:

  • Contact Anonymisation – iVvy has a new feature that will allow you to anonymise private individual information of contacts that have registered for your events.

  • Access – We have a new feature that will allow you to export an JSON file to display all the information you have stored on a contact within the iVvy platform that can be provided to an individual. iVvy also has a feature that allows individuals to see what information is stored on them with a link included at the bottom of all email campaigns sent to the individual. Additionally, the contact can unsubscribe from email and SMS campaigns using the unsubscribe feature.

General Data Security & Accountability:

  • PCI Compliance – iVvy has achieved level 1 compliance with third party auditors, confirming we meet the strictest security requirements.

  • ISO27001 Compliance – iVvy operates to the ISO27001 standards.

  • Data Storage – Data is stored in the region of the account that it is opened. We currently have 3 data regions in the UK USA and Australia. Data is not shared between regions and never transferred outside the data centre by iVvy.