About GDPR

GDPR (General Data Protection Regulation) is the single most important regulation in European Union law concerning the privacy and personal data of individuals within the EU.

GDPR was adopted as a regulation in April 2016 and applies from 25 May 2018. It protects individuals in the EU, so it applies not only to companies established in the EU but also to companies based outside the EU that collect, monitor or store personal data of individuals in the EU.

This protection is achieved through several high-level obligations imposed on businesses that handle personal data:

1. The requirement to inform users clearly, in plain language, about what data will be collected and how it will be used, by explicitly stating:

  • the purposes for which the data will be used;
  • how long it will be stored;
  • and, most importantly, all the third parties that will handle it;

2. The obligation to give users access to their stored data: on request, confirm whether data about them is being processed and provide a copy of it, together with the same information:

  • the purposes for which the data is used;
  • how long it is stored;
  • and, most importantly, all the third parties that handle it;

3. The obligation to keep the data secure: once collected, it must be protected against unauthorised access, alteration and loss;

4. The obligation to provide data portability, so that users can obtain their data in a structured, machine-readable format and move it to another provider instead of being locked in to a vendor.

These high-level obligations are transposed into more detailed requirements concerning:

  1. Organizational aspects, such as appointing a Data Protection Officer (where required) and holding periodic training for employees
  2. Drafting clear policies within the company that govern access to data and detail how to handle breaches and incidents
  3. Technical aspects, mainly targeting security and actual access to data
  4. Product design, by implementing the "privacy by default" and "privacy by design" principles: collect data only after the user opts in, collect the minimum necessary by default, and ask for further consent before collecting more

How is Omniconvert preparing for GDPR?

The privacy and security of our users have always been one of our top concerns. This is why we are constantly working on maintaining very high standards in both our product and daily operations.

GDPR has given us a chance to further improve our platform and our internal procedures and processes, for the benefit of our clients and their users.

Below, we briefly present the steps we are taking to ensure the security of our clients' data and compliance with GDPR.

Omniconvert GDPR Roadmap

Organizational

  • Appoint the DPO – Done
  • Update T&C – In progress
  • Compile data breach report – In progress
  • First Training on GDPR compliance – In progress
  • Periodic evaluation for organizational and technical measures – Planned
  • Enforce employee workstation security – Planned

Policy

  • Revise internal documents and policies – In progress
  • Data Protection Impact Assessment – In progress
  • Security incident response templates – In progress
  • Regulate internal access to personal data – In progress
  • Handle user data requests – In progress

Technical

  • Restrict access to servers from public locations – Done
  • Use HTTPS for pages that handle sensitive information – Done
  • Review and categorize currently stored data – Done
  • Penetration test performed by BIT SENTINEL – Done
  • Resolve security issues and implement recommendations – Done
  • Anonymize IP addresses – In progress
  • Revise stored data – In progress
  • Unified platform access for company accounts – Planned
  • Restrict outside access for CRM – Planned
  • Integrate Active Directory for access – Planned
  • Anonymize data for staging – Planned

Product

  • Implement user opt-in mechanism – Done
  • Log the consent – Done
  • General consent request – In progress
  • Allow users to revoke consent to the use of their data – In progress
  • Re-ask the user for consent if necessary – In progress
  • Obtain consent for previously collected data – Planned
  • Additional consent request – Planned
  • Platform audit logs / update – Planned
  • Client consent for enabling integrations – Planned
  • Client consent for using custom attributes – Planned
  • Keep operations registry per customer – Planned
  • Announce when data is exported outside the EU – Planned
  • Analytics Dashboard – Planned
  • Publish new consent text – Planned
  • Expose/delete info for users – Planned
  • Data export tool – Planned
  • Keep data a limited time after contract termination – Planned
  • Enhanced ACL for CRM – Planned

If you have any questions regarding GDPR and Omniconvert, do not hesitate to contact us.