DueDil and GDPR: Ensuring Data Compliance

21 May 2018 | Faye Richards | Best practices

At DueDil, our vision is to be the fuel of a more informed and connected economy - and new GDPR legislation makes this objective more important than ever.

Our Data Protection Manager, Farouk Umar, takes us through the roadmap to GDPR on May 25th, and what impact this legislation may bring.

What is your role at DueDil?

I fill three roles at DueDil: I work as a data engineer to help build the DueDil product, as well as being an internal auditor and the Data Protection Manager. I am currently working to ensure we are prepared for the new GDPR legislation coming into effect on May 25th, 2018.

What is GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It introduces stricter legislation and consistency across all member states, as well as driving higher privacy standards on a global scale.

Who does GDPR apply to?

GDPR applies to any business that processes personal data of individuals residing within the EU. GDPR was made to ensure that businesses don’t take advantage of individuals and that they use their data appropriately.

The process has become more formalised so that a company can’t make a biased decision based on an individual’s personal information that they didn’t have the legal authority to obtain.

How has DueDil aligned with GDPR so far?

DueDil has put a strong focus on ensuring that we are compliant as a company. We approached it by conducting a gap analysis to see where we were and where we needed to be, to be GDPR ready.

Fortunately, we haven’t had to change a lot; the main difference is the way we have formalised our processes.

The main steps we have taken:

  • Commissioned an independent assessment by data protection consultants.
  • Trained our staff in understanding what personal data is and what they can and can’t do with regard to data privacy.
  • Created new positions including Data Protection Manager and Data Protection Officer, neither of which existed previously.
  • Developed new policies and procedures for key events relating to data management, including the erasure of personal data.
  • Adapted our product to make sure it is explicit what we use personal data for and at what point during the user experience.
  • Updated our Privacy Policy as well as Data Processing Agreements, which must be signed by any suppliers that we work with.
  • Signposted how people can get in touch with us if they have any queries.

Every single time we engage with someone we ensure they know their rights and what we are using their data for.

Can our customers market themselves as being GDPR compliant when accessing our data?

In short, no. We as a vendor are compliant but they will need to look at their own processes and use of data to ensure that they are GDPR compliant.

Are sales and marketing individuals able to contact directors under GDPR?

In essence, yes. As long as you are contacting that individual in relation to their company and not for personal reasons.

What happens to the data customers input and interact with in DueDil?

Data inputted by customers are stored as CSV uploads to match and create lists on the platform. We keep that CSV only for that purpose and it’s in our Privacy Policy exactly what we use that data for. Any lists/CSV uploads/saved searches/interaction data will be deleted upon request or termination of your contract.

Can DueDil access data in our customers’ CRM system?

No, we do not have the ability to access the data in our customers’ CRM system. We can only push our data into a company’s CRM. We only have as much permission as the user pushing the information in.

Is DueDil GDPR ready?

We are in the best position to be GDPR ready come May 25th. Our team has been working tirelessly for almost a year to ensure compliance, and we are confident that we are suitably prepared for the new legislation.

GDPR comes into effect on May 25th 2018. To find out how DueDil is ensuring compliance with this legislation, please read our Privacy Policy or tune into our on-demand webinar with Farouk.

Disclaimer: The contents of this blog post are the views of the Data Protection Manager interviewed and do not constitute legal advice.