The European Union's General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. This regulation will fundamentally changes how companies use and process the personal data of European users.
Reviews.io is working hard to make sure we will comply with the GDPR when it takes effect.
Under GDPR, if you collect or store any information that can be linked to an individual, that counts as personal data. There’s a more in-depth explanation here, but as a quick example, if you let your customers create accounts on your store, or you collect their email addresses, both of those would count as “personal data.”
In simple terms GDPR makes it your company's responsibility to protect your customers data (even if you’re using a processor like Reviews.io, Shopify, AWS, Mailchimp or Salesforce to actually store that data). Review platforms like Reviews.io would be considered as a data processor as they essentially collect genuine reviews from your customers after purchase.
Our team has been hard at work preparing for GDPR for the past 4 months! So far, we have:
- Appointed a (DPO) Data Protection Officer
- Appointed a GDPR legal advisor
- Created a Data Protection Impact Assessment
- Started to review our contractual arrangements with sub processors (AWS), to make sure they’re required to protect personal data
- Started to develop and deliver GDPR training to key team member that have customer data access
- Implemented a detailed procedure to to detect, report, and investigate any data breaches
- Created new technology to help us limit the impact of GDPR on our clients
We are aiming to launch an updated version of our Data Processing Agreement that will allow our customers to continue to lawfully transfer EU personal data to Reviews.io when the GDPR goes into effect.
A great way to prepare for the GDPR is simply to educate yourself. We want to help our users prepare for the change, but the GDPR's provisions could affect your business outside of how you use Reviews.io & Reviews.io.
If you have specific questions about the GDPR feel free to email our GDPR team at email@example.com