The new General Data Protection Regulation (GDPR) comes into force on May 25th of this year, and like many other companies we have had a lot to do to make sure that we're compliant with the new rules. We'd thought it would be useful for you to know what we're doing behind the scenes to change our current data practices.
- Implemented a Data Protection Impact Assessment process - this is essentially a risk assessment to help us identify and minimise the risk of a data breach.
- Documented and checked all the sub-processors and third-party integrations - we've been making a list of all the third-party companies and services we use to deliver SubHub and our related services, and making sure that they are all GDPR compliant as well.
- Created a detailed register of our data processing activities - we've documented exactly what we use personal data for and how it's stored and processed.
- Moved our database to EU data center - we were storing our database with a US datacenter, but we've moved to an EU one for better control.
- Audited our back up policy - we've made stricter rules for how long we store personal data and for what reasons.
- Done a data clean up - all outdated and obsolete data (from past clients, out-of-date backups etc) has been deleted from our systems.
- Updated our email sign up processes - our sign-up forms are currently being updated and clarified to help us get affirmative consent.
- Update our free trial sign up processes - our free trial sign up process is also being updated to include marketing consent and our new policies.
- Re-optin campaign to all our mailing lists - we'll be sending out a re-optin campaign to all our mailing lists, encouraging subscribers to resubscribe to ensure that the data we hold is up-to-date and we have explicit marketing consent.
- Created a procedure to deal with data access and update requests - a basic procedural document to show how we will deal with these sorts of requests.
- Created a data breach plan document - a procedural document to show what we'll do in the case of a data breach.
- Updated SubHub platform - so that our clients have the capabilities to enable cookie notifications, online forms for data access requests, and any other necessary actions.
We'll continue to add to this list as we go along. Do email us at firstname.lastname@example.org if you have any questions, or take a look at our GDPR FAQ, which is packed full of information and resources to help you with your own GDPR compliance.