Consent and transparency have long sat at the margins of organizations' pursuit of customer information. And the EU's General Data Protection Regulation (GDPR) is a much-needed push to bring them to the center.
Coming into force by May 2018, the regulation hands EU customers the power to control the personal information that businesses store and handle, without tradeoffs.
Our GDPR Commitment
Protecting the personal data of our customers is at the core of SocialPilot's internal operations. We only collect and store information that is necessary to offer our service, and we do this with the consent of our customers. Adding to this, our approach towards privacy, security, and data protection aligns with the goals of GDPR.
Along with a highly secure and robust system architecture, we have a variety of security measures in place to prevent unauthorized access and processing of personal data.
We are committed to being fully GDPR-compliant by 25th May 2018. To accomplish this, we've set up an internal compliance team (with functional heads) that has been working with an external specialist to assess our requirements and roll out the required changes.
Our GDPR Compliance Roadmap
- Create and sustain awareness within the company regarding the Privacy by Default and Privacy by Design principles that need to be kept in mind for ongoing development - Completed
- Bring together the product, marketing, compliance, and security team heads to oversee SocialPilot’s GDPR compliance initiatives - Completed
- Analyze all the areas of the product that GDPR would have an effect on - Completed
- Create a data retention policy and have an automated process in place to adhere to the same - Completed
- Release features that would enable our customers to be GDPR compliant - Completed
- Reach out to all our third-party vendors to make sure they are GDPR-ready - In Progress
SocialPilot as a Data Controller
SocialPilot recognizes its responsibilities as a data controller towards its customers. Detailed below are all the steps we are taking towards fulfilling our legal obligations under GDPR as a data controller.
Data Categorization and Analysis
- We have carried out a detailed data mapping exercise to track the flow of personal data through our systems.
- We have established and are maintaining a clean data repository that is constantly updated. This gives us control over the data flowing through our systems, with clear processes for handling, securing, and storing this data.
- The next step we took was to establish an automated data retention mechanism. This is how our data retention process works when a customer closes their account with us:
  - a) We will clear the customer’s Personally Identifiable Information (PII), and all end-user data from our databases, within a period of 120 days.
  - b) The only data retained by us will be that which is needed from a compliance and legal standpoint, like invoices, subscription information, audit logs, etc.
- This is a conscious effort on our part to avoid storing and processing any customer data beyond the necessary period.
- We have a data processing addendum for our customers that incorporates our GDPR principles. Please reach out to our compliance team (email@example.com) if you require a signed copy of the same.
- We will actively start collecting consent from our customers from May 25th, wherever it’s applicable - especially in the case of any marketing communication sent to them.
- To give our customers the option to withdraw their consent at any given time, an easy process is being put in place for them to provide consent during sign-up and actively manage their consent settings within the app. We want our customers to have complete control over whether they want to receive any communication from us, and what they want to receive.
Feature Development and GDPR Principles
- We have an active process in place that will guarantee all our features meet the standards of GDPR. Our product and engineering teams will take into account Privacy by Design and Privacy by Default while designing features and pushing them to production.
Note: We will continue to update this section with our latest information and findings.
Policies and Documents
Following are the policies and documents that have been recently updated:
This is only the first step towards our commitment to help you handle the requirements of data privacy and protection. We encourage you to reach out to us at firstname.lastname@example.org if you have any questions regarding privacy, data security, data protection and compliance.