The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It will take effect on May 25th 2018.
We've taken steps to ensure that we fulfil our obligations and maintain a sense of transparency with our customers in how we use data.
Here’s a quick overview how we are preparing for GDPR at SoapBox:
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.
How is SoapBox preparing for GDPR?
We've reviewed the business and product implications of the GDPR and have updated our roadmap accordingly. Luckily, Customer privacy has always been at the core of how we build products at SoapBox so the impact is minimal. We will be able to meet our legal obligations while keeping our customers happy and still moving fast so we can continue to scale and bring value to our product.
Here are the main things we’ve doing to ensure we fulfill our GDPR obligations:
We’ve updated our policies
We had a serious case of the legal jargons going on. We've fixed that. Drawing inspiration from a few of our favourite SaaS businesses, we've made our policies easier to understand and have added in more detailed documentation to better explain how we handle customer data.
Here are the specific policy changes:
We’ve added in new data portability processes
While we build the necessary product features to meet the GDPR requirements for data portability, we've implemented manual processes to handle customer requests for viewing, exporting and deletion of personal data from SoapBox. This includes a process that will propagate through our metrics tracking systems and cloud support hosting platforms.
We’ve working towards certification for International Data Transfers
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we are working towards being self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks.
We’re making product changes
In the near future, the profile page of your SoapBox will contain the necessary requirements for viewing, updating and deleting your personal information. In the meantime, requests can be made through our support chat to have this done manually.
Feel free to reach out to us if you have any questions about GDPR - we’d be happy to chat about it.