DISCLAIMER: The content below is provided for informational purposes only and the information shared here is not meant to serve as legal advice. You should work with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.


What is GDPR
GDPR is a European Union (EU) privacy law that regulates how organizations use the data of people located in the EU. Any company doing business in Europe must get affirmative consent from its customers to collect their data. This means every form needs to have a checkbox through which customers affirm their consent to the use of their email address, and every site needs to obtain affirmative consent to use cookies.

Any company doing business in Europe must furnish a record of everything it knows about a customer at the customer's request. EU citizens have the right to be forgotten, which means they can request to be deleted from a system.

How to Prepare
Crowdskout offers tools related to consent to help you comply with GDPR. You can create an opt-in box within your Crowdskout form allowing EU citizens to affirm their consent to the collection of their information. More information on how to build web forms can be found here. You should also make sure your privacy policy is up to date.

Customer's Role in GDPR Compliance

You, our customer, are the Data Controller and Crowdskout is acting as your Data Processor for your audience. In this respect, you’ll want to take the following steps leading up to and after May 25th, 2018:

  • Ensure your Privacy Policy is up to date.
  • Perform your own research, modeling, vendor audit, and strategy steps at your organization to ensure you understand GDPR as it applies to your business, and to determine who in your database is impacted.
  • Be thinking about how you’ll handle consent. You should make sure that you are obtaining proper consent to collect data from or about any members of your audience who are impacted.

Crowdskout's Role in GDPR Compliance

Under GDPR, Crowdskout is the Data Processor acting on your behalf. To this end, Crowdskout's responsibilities include: 

  • Only process personal data on instructions from the controller, and inform the controller if it believes said instruction infringes on the GDPR. In other words, a data processor may not opportunistically use or mine personal data it is entrusted with for purposes not outlined by the data controller.
  • Upon request, delete or return all personal data to the controller at the end of the service contract.
  • Assist and contribute to compliance audits conducted by the controller or a representative of the controller.
  • Take reasonable steps to secure data.
  • Notify data controllers without undue delay upon learning of data breaches.

Resources
We want to help you prepare for the change and have included more documentation about GDPR below for you to reference.

About GDPR
