The General Data Protection Regulation (GDPR) is a new EU data privacy law that has been in force since 25th May 2018.
SwipedOn is committed the GDPR and supporting our customers in their compliance.
You can see how we suggest using SwipedOn inline with the GDPR here:
We've worked extremely hard in preparation for GDPR.
This has involved:
- Appointing a Data Protection Officer.
- Auditing our policies and procedures and bringing them in line with requirements.
- Conducting a full end to end information audit and data process mapping exercise, with a corresponding gap analysis and GDPR roadmap.
- Planning and implementing product changes, specifically around data management and data access.
What is the GDPR?
GDPR’s primary purpose is to create one coherent data protection framework across the EU. In doing this, GDPR substantially enhances data protection and privacy rights for persons in the EU, and imposes a comprehensive set of principles and obligations with which a lot of organisations operating or offering products and services in the EU must comply.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
How is SwipedOn aligned with the GDPR?
Data Protection Officer - Ben Scott (Head of Product, Co-Founder & DPO)
The first thing our Leadership Team did was to appoint me (Ben Scott) as SwipedOn's Data Protection Officer. It's a responsibility I'm not taking lightly, and I'm fully aware of the serious and fundamental challenge data protection poses to digital businesses such as ours across the globe. If you have any GDPR related questions, please forward these to email@example.com
Training, up-skilling and values
We've embarked on company wide awareness and familiarisation training exercises to ensure everyone knows their duties and responsibilities surrounding data protection.
We've also re-visited our core values and made Data Protection and Security a table stakes initiative. We wish to live by the mantra - Data Protection by Design
We've built new features
Our team has been busy building the necessary features that will enable our customers to:
- archive data linked to an individual visitor or employee.
- anonymize and delete data linked to an individual visitor or employee.
- anonymize 'visits' linked to an individual visitor based on a date range search (We will implement the automation of this task in the future)
- change the way visitors sign into the iPad application, so as to mitigate data leaks and unauthorised information access.
We’ve communicated our sub-processor list
We’ve reviewed all our vendors, finding out about their GDPR plans and arranged similar GDPR-ready data processing agreements with them.
We've implemented new security measures
Security is a priority for us. We are busy scoping external 3rd party security audits and pentests. We've also recently completely upgraded our infrastructure security and are continually improving our own internal security processes.
As part of a top down initiative, we've reviewed and updated the following policies and procedures:
- Security procedures and processes
- Data processing agreements (sub-processors)
- Terms of service
- Website Policy
- Contingency Plans
- Data Subject Requests for Information
- Data Breach Contingency plans and processes
Finally, it's important to note that SwipedOn supports the intent behind the GDPR legislation. We believe that all our customers will benefit from the work we've done to protect the privacy and security of your company and visitors.
If you would like to discuss anything about GDPR with us, please do not hesitate to reach out to me personally at firstname.lastname@example.org