What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new (May 2018) European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
The GDPR applies to all organizations operating in the EU that process “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
Any company, regardless of location, that serves or works with EU persons must also comply with the GDPR. (This is why you received a whole bunch of email notifications about GDPR around mid-May 2018).
How does GDPR work?
GDPR is intended to protect consumers in the event of "destruction, loss, alteration, unauthorised disclosure of, or access to" their data, in addition to requiring more clarification from companies on how a customer's data might be used. Your personal data and sensitive personal data are both subject to this extra set of protections, ensuring you are in as much control as possible for safeguarding and monitoring your data.
If a company collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the company to use third-party data processors who guarantee their ability to implement the technical and organizational requirements of the GDPR.
How is Simplr accommodating GDPR?
Since we first launched Simplr, our work has been matched by a desire to respect our customers' privacy and data. Our approach to security is anchored in treating security, compliance, and transparency with the level of detail they demand.
To ensure compliance with GDPR and provide the highest level of security possible for our customers, we've made the following changes:
- Clarification has been offered on data consent and your rights related to your personal information, including your preferences;
- We updated sections regarding: what information is collected and why we collect it, how we use and share that information, and how you can access and update that information;
- We've outlined internal processes for reporting personal data breaches, should they occur, to relevant supervisory authorities in accordance with GDPR-required timeframes;
- We will respond to requests from customers to correct, amend, or delete personal data as desired;
These changes will not affect the way you use Simplr and no action is required on your part.
How might the GDPR affect you?
As a merchant, if you ever receive a customer data removal request, you should follow the process established for each of the vendors you use (for example, Zendesk, Shopify, etc.)
How would you request data removal from Simplr?
Easy! Just send an email to firstname.lastname@example.org and share any and all details about your request.