We’re sure you’ve already heard of the GDPR by now and have some questions on how to deal with it. We’ve put together an overview of the GDPR and Capsule, and answered your questions to help you work within the new regulations.
This post is to assist you in using Capsule, but should not be regarded as legal advice. If you have questions on how the GDPR will affect your business we recommend you seek legal advice.
What is the GDPR?
On May 25, 2018, a new EU privacy regulation will come into effect called the General Data Protection Regulation (GDPR). It imposes tougher obligations on businesses with regards to how they collect, store and manage personal data of EU citizens, regardless of whether the data processing takes place in the EU or not.
Does the GDPR affect Capsule customers?
The GDPR will affect anyone who stores personally identifiable information of any EU citizen. Personally identifiable information can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more.
What is Capsule doing to prepare for the GDPR?
We’ve always taken data privacy and security practices very seriously. In light of the GDPR we have reviewed our data processes and practices to ensure we’re fully compliant by May 25, 2018. For example we are:
- Putting in place a new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.
- Updating our Privacy Policy to ensure our compliance in respect of the data we hold about you.
- Reviewing Capsule’s functionality to consider whether we can make any improvements that make Capsule more efficient for users who are subject to the GDPR.
Features to help you with compliance
While the GDPR can initially seem demanding, the emphasis behind it is about respecting your customer’s data and processing only the data that you need. We already have features in place to help you manage your customer’s data correctly. Here’s a list of some features and suggestions to help you with compliance:
Recording consent
With the GDPR you need to have lawful basis for processing personal data, consent is one of them. If you need to record consent, there are several ways you could do this.
Alongside your customer’s contact details, you could choose to add a Custom Field such as a check box for consent and can also choose to add a date field to record when consent was given.
You could also use Capsule’s tag features to tag contacts who have consented to you contacting them again. Particularly powerful are Capsule’s DataTags which allow you to record additional information with a tag. For example, you might want to record the date of consent given alongside the tag. Capsule will prompt you to enter these fields when you apply the tag to a contact.
Responding to data requests
An individual may request access to the data you have stored about them in Capsule. This is sometimes referred to as a “Subject Access Request”. To help with this kind of request we’ve built a new Print Summary feature. This allows you to export the individual’s contact data and all information held on them, including their entire communication history in one file.
To use this new feature, start out by opening a contact in Capsule. From their record click the action arrow, then choose ‘Print Summary’ and a new tab will open in your browser. From here you can copy the information to your computer and paste it into a word processor, or you can use the print function in your browser to create a PDF from the information.
Deleting data permanently
You may wish to remove data that is no longer being used for its original purposes before May 25. Also, under the GDPR there is emphasis on the right to be forgotten, enabling an individual to request that their data be deleted. You can delete a single contact and also delete a list of contacts. These deleted records are stored in the trash for 30 days before they are permanently deleted. However, when asked to remove the contact immediately, Capsule’s account owner can permanently delete individual records by going to the trash and permanently deleting them using the delete function.
External Resources
If you’re looking to understand more about GDPR, we suggest you review the advice given by the UK Information Commission Office (ICO), they are responsible for implementing the GDPR legislation in the UK. They provide practical advice such as an overview including key areas for Data Controllers to consider and get in place for May 2018, along with their 12 steps to take now.
The Information Commissioner has also started posting a series of myth-busting articles that set out to explain that GDPR is an evolution, not a revolution and which clarifies questions like “Do you require consent to process personal data?”.
What's next?
We'll be sending an email soon with details of our new Data Processing Agreement which comes into effect from May 25, 2018. Keep checking our blog for updates around the GDPR and new features.
Updated on 17/04/2018
- Finalised our new Data Processing Agreement and Privacy Policy to come into effect May 25, 2018
- Sent emails to inform customers of our new Data Processing Agreement
and Customer Terms
We hope this answers some of your questions and makes working with the GDPR within Capsule easier for you! Please email us if you have any questions and we'll be happy to answer.