Bizness Apps and The GDPR

Last Updated: Jun 06, 2018 12:20PM PDT

What is the GDPR?

The General Data Protection Regulation (EU) 2016/679 (GDPR) is the new European privacy law that will go into effect May 25th, 2018. The GDPR will be replacing current Directive 95/46/EC, and its goal is to protect users’ personal data. By increasing the regulatory requirements regarding data collection, processing, consent definitions, personal rights and more the GDPR is a great step forward for individuals in the EU and abroad. While we are very excited about these new laws as citizens, it brings a large impact on businesses all over the world.  

 

Disclaimer: This article is for informational purposes only, and should not be relied upon as legal advice. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to your organization. The goal of this article’s is to explain the changes we have made, and the tools we have built for you to help you to become GDPR compliant.

 

Do you need to comply with the GDPR?

You are required to comply with the GDPR if your business is located in the European Union (EU). If your business is located elsewhere, you still need to comply if you are handling personal data in connection with a business establishment you have in the EU, if you offer goods or services directly to individuals in the EU or if you monitor their behavior, e.g. by tracking them on the Internet. 

If this does not apply to you, we still recommend complying with the GDPR, as it is very likely laws and policies all over the globe will begin to introduce very similar requirements.

We recommend working with legal professionals to ensure your exact application is compliant with all of the GDPR's scope and requirements.

Bizness Apps has been working towards GDPR compliance for a long time, mostly behind the scenes. We have made a list of the changes you will need to be aware of for GDPR compliance.

 

What Bizness Apps is doing to ensure GDPR compliance:

  • Research all aspects of our product and business for potential impacts from the GDPR
  • Work with outside attorneys that specialize in the GDPR for all aspects of our compliance efforts
  • Update our Privacy Policy with an optional GDPR supplement and implement data processing agreements where necessary
  • Update our Terms of Service
  • Implement a strategy for software and engineering upgrades for optimal GDPR compliance
    • Improve our Data processing, added security throughout
    • Record keeping of app customer consent
    • Update CMS with proper tools for our partners to complete personal data requests from users (More details below)
    • Update Mobile source code to 50.2. (More details below)
  • Finalize and communicate our full compliance - TO BE ANNOUNCED

 

We are working on tools to help you prepare.

We want to make complying with the GDPR as easy as possible and have been creating some new tools to help our partners and customers in this effort.

Lets take a look at a summarized list at these changes.

 

What changes are coming with the CMS GDPR update?

We will be building tools for you to complete the following requests.

  • Right to be forgotten: Delete option to the Customer List that will permanently delete all of a customers data
  • Right to rectification: Already implemented with North Park, however additional support for user control of consent choices
  • Right of access: Improved personal data export tools in Customer list
  • Right of portability: The previously mentioned data can be exported in a usable format

 

What changes are coming with the North Park 50.2 GDPR Source Code?

  • New customizable consent screen to display on app launch and available in the app settings page.
  • Refactored our point and geofence push notification features so all location information is handled locally on the users own device.
  • We have removed the ‘Nearby’ location portion from the Fan Wall v2 feature. 
  • Users can now delete any of their comments/posts made throughout the application.

 

Other information you should know:

  • Sensitive personal data, such as health information or information that reveals a person’s racial or ethnic origin, will require even greater protection. You should not store data of this nature within your Bizness Apps account or application.
  • If you chose to use your own Privacy Policy and Terms of Service, you need to be sure that you are keeping record of any changes you make. In accordance to GDPR you need to be able to prove what information your users were provided with or, depending on the circumstances, were consenting to when you collected their information or they used your app at a specific date. That means if you make iterations over time you must keep dating records of each version.
  • If you are using third party software inside the app through integrations or web views that collects or processes personal data, you will need to add this information to your custom Privacy Policy and add proper consent. 
    • Example: if you are using an email marketing integration and receive a request to forget a users account, you will need to both delete the user in the CMS and process the deletion from the third party software such as MailChimp. 

Here are a list of some of the helpdesk articls that have been updates with GDPR tools. Looks for the GDPR section inside each.
How to Configure the Sign-Up Feature
How to use the Customers Page​
How to Publish Your iOS Apps​

For those who do not wish to comply with the GDPR, we have also created this article to help assist you in removing your application from the EU.

 

To learn more about the GDPR, please refer to the following sites.

 

Frequently asked questions

What is the GDPR?

The General Data Protection Regulation (GDPR) is a significant piece of European data protection legislation for the European Union (EU) replace the 1995 Data Protection Directive. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on handling data.

 

When do I need to comply with the GDPR?

The GDPR goes into effect on May 25, 2018.

 

What rights will data subjects have under the GDPR that apply to my Bizness Apps application?

  • Right to be informed - Entities must be transparent in how they are using personal data and must inform data subjects of this.
  • Right of access - Data subjects will have the right to know what personal data is held about them and how it is processed.
  • Right of rectification - Where reasonably possible, data subjects will be entitled to have personal data rectified/edited if they feel that it is inaccurate or incomplete.
  • Right to be forgotten - Data subjects have the right to have their personal data permanently deleted upon their request and they do not have to provide a reason for the request.
  • Right to data portability - Where reasonably possible, data subjects have the right to retain and reuse their personal data for their own purpose.
  • Right to object - In certain circumstances, data subjects are entitled to object to their personal data being used. This includes, if personal data is used for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.

 

Who does the GDPR apply to?

As mentioned above: You are not only required to comply with the GDPR  if your business is in the EU. If your business is located elsewhere, you still need to comply if you are handling personal data in connection with a business establishment you have in the EU, if you offer goods or services directly to individuals in the EU or if you monitor their behavior, e.g. by tracking them on the Internet. 

 

We are not based in the EU. Do we still need to comply?

Yes, you may still need to comply. Please see the previous question and answer.

 

What happens if we don't comply with the GDPR?

If you do not comply you run the risk of a €20 Million fine or 4% of annual global turnover, whichever is largest. 

 

Do we need to appoint a Data Protection Officer?

Chances are no, but seek professional assistance for your specific use case.

 

What is the difference between a Data Processor and a Data Controller?

A Data Controller represents the entity that determines the purposes, conditions and means of the processing of personal data. The Data Processor is the entity which processes personal data on behalf of the controller. 
In your entity’s relationship with Bizness Apps, we are the Subprocessor and you are the Data Processor of your client, the Controller. The end user is the Data Subject. What does this mean for you? In order to have complete compliance, there needs to be a signed DPA between Bizness Apps and the reseller, as well as a signed DPA between the reseller and the small business client.



 

1biznessappshelp@gmail.com
http://assets2.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete