SocialGO's GDPR Commitment

What is the GDPR?

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.

The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

  • Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
  • Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
  • Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
  • New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
  • Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
  • If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.

If you have any questions, please don't hesitate to contact us at support@socialgo.com

What is SocialGO doing about the GDPR?

SocialGO values our customers (and their customers) rights to privacy. Compliance with and to international law and regulations are very important to us.

Here’s a condensed version of our GDPR Roadmap and where we are on our journey:

  • Research the areas of our product and our business impacted by GDPR - COMPLETE
  • Appoint a Data Protection Officer - COMPLETE
  • Rewrite our Data Protection Agreement - COMPLETE
  • Develop a strategy and requirements for how to address the areas of our product impacted by GDPR - COMPLETE
  • Perform the necessary changes/improvements to our product based on the requirements:
    • Suppression Controls COMPLETE
    • Visitor Lookup COMPLETE
    • Feedback Consent Controls IN PROGRESS
    • Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR - IN PROGRESS
    • Thoroughly test all of our changes to verify and validate compliance with GDPR - IN PROGRESS (being done incrementally as changes are completed)
    • Finalize and communicate our full compliance - TO BE ANNOUNCED (this will be done when all work is completed which will occur prior to the effective date of the GDPR)
    • SocialGO has also engaged with numerous outside attorneys on our approach. We felt this was and will be very important because the legislation is so new and far reaching.

What changes is SocialGO making to be GDPR Compliant?

We are taking many steps across the company to ensure SocialGO is ready for the GDPR. We are improving anonymity within our analytics tools and making changes to allow you to tailor how you request consent within our feedback tools.

We’re also working on interfaces that will allow you to address requests from your customers related to their rights for accessing any personal data that might stored in your SocialGO account.

Based on the research conducted by both our inside and outside counsels we are confident these changes will address the requirements of GDPR.

What do SocialGO Customers need to do?

Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using SocialGO(and any other similar services) on your website or app. This requirement has always been part of SocialGO’s Terms and Conditions, but the GDPR can heavily penalize you if you have not done this clearly. We recommend you ensure your policies are up to date and clear to your readers.

Frequently asked questions

The General Data Protection Regulation (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the 1995 Data Protection Directive. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on handling data.
The GDPR regulates the processing of a data subject’s personal data in the European Union including its collection, storage and transfer or use. The GDPR gives data subjects more rights and control over their data by regulating how you should handle and store any personal data they collect.
As of the 25 May 2018, you need to be in compliant with the provisions of the GDPR.

The GDPR grants 8 fundamental rights to data subjects. These are:

  • Right to be informed - Entities must be transparent in how they are using personal data and must inform data subjects of this.
  • Right of access - Data subjects will have the right to know what personal data is held about them and how it is processed.
  • Right of rectification - Where reasonably possible, data subjects will be entitled to have personal data rectified/edited if they feel that it is inaccurate or incomplete.
  • Right to erasure - This is also sometimes referred to as 'the right to be forgotten', Here, data subjects have the right to have their personal data permanently deleted upon their request and they do not have to provide a reason for the request.
  • Right to restrict processing - Data subjects have the right to block processing of their personal data.
  • Right to data portability - Where reasonably possible, data subjects have the right to retain and reuse their personal data for their own purpose.
  • Right to object - In certain circumstances, data subjects are entitled to object to their personal data being used. This includes, if personal data is used for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
The provisions of the GDPR apply to any entity that processes personal data of individuals in the European Union (EU), including tracking their online activities, regardless of whether the entity has a physical presence in the EU.
Yes! If you are an entity outside the EU, you should still be aware of the GDPR and comply with it if you process personal data of individuals in the EU.
Yes! The UK will still be part of the European Union on the 25th May 2018. Also, if you processes personal data of individuals in the European Union you would still need to comply with the GDPR even post-Brexit.
Yes! If you collect personal data, you need to comply.
Lack of compliance can result in fines of up to 4% of annual global turnover or €20 Million (whichever is largest) for breaching GDPR.
A Data Protection Officer must be appointed in the case of : (a) public authorities, (b) entities that engage in large scale systematic monitoring, or (c) entities that engage in large scale processing of sensitive personal data. It you don’t fall into one of these categories, then you do not need to appoint a Data Protection Officer (although this is highly advisable).
A Data Controller represents the entity that determines the purposes, conditions and means of the processing of personal data. The Data Processor is the entity which processes personal data on behalf of the controller. In your entity’s relationship with SocialGO, you are the Data Controller of your end user’s personal data (assuming you are capturing some) and SocialGO is the Data Processor. With respect to your entity’s own data, SocialGO is the Data Controller.