How does Chatify support GDPR compliance?
What is GDPR?
The EU General Data Protection Regulation, GDPR (2016/679), is a regulation in EU law on data protection and privacy for all individuals within the European Union. It replaces the 1995 Data Protection Directive (Directive 95/46/EC). The GDPR lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
What changes have we made in order to comply with new General Data Protection Regulation (GDPR)?
We have revamped our Terms of Service, Privacy Statement and Data Processing Agreements with particular emphasis on making them easier to understand and as transparent as possible. In summary, Chatify stores all personal data in the EU. Any personal data collected adheres to the "Privacy by default" guidelines as stated in the EU General Data Protection Regulation (GDPR). This means that the strictest privacy settings are applied to your personal data by default. The data collected is used solely for the purposes of providing a service to our customers and is not used for marketing purposes or sold to any third party under any circumstances.
"Sometimes when you innovate, you make mistakes. It is best to admit them quickly, and get on with improving your other innovations." Trish, Fort Privacy
From a technical point of view, what changes have we made to the Chatify app, in order to comply with GDPR regulations?
We have made significant changes to Chatify in order to comply with the GDPR.
1. Privacy Panel
The Admin Panel contains a new section allowing our customers to set their privacy requirements in order to comply with the GDPR. We call this the "Privacy Panel". This section allows you to set your data requirements as well as being able to approve the sub-processors that Chatify uses.
2. Full control over user data
Under the GDPR, data subjects have the right to access the personal data stored on their behalf. In addition, they have the Right to be Forgotten, the Right to Portability and the Right to Rectification of their data. Should a user enforce their rights, Chatify gives you (the Controller) complete control to ensure that you can accommodate your customers' requests in relation to their data.
3. Access to personal data
Data subjects can request and access any data that a data controller is holding on them, and can find out whether that data is being processed, where it is being held, and for what purpose. From the visitor record, the data controller has access to and can manage all of the personal data that Chatify holds.
4. Right to be forgotten
The GDPR states that, if requested by the data subject, a company will have to erase the personal data that it is holding on that data subject and cease any further processing of that data. If requested to do so, the data controller can erase the user data from the visitor record in the admin panel.
5. Right to portability
Data Portability is a new consumer right introduced under GDPR. The requirement states that a data subject will be able to receive personal data concerning them in a commonly used and machine-readable format free of charge. Users will then have the right to transfer or transmit this data to another controller or company. The data controller can export the visitor records to an electronic format from the visitor record.
6. Right to rectification
The data subject has the right to rectification of inaccurate personal data concerning him or her. If requested to do so, the data controller can update the user data from the visitor record in the admin panel.
Extra data management options for Data Controllers
1. Delete community & accounts
On request, customers now have the option to delete their team on Chatify and/or member accounts. Note: Customers always had the ability to add/remove team members as necessary and this has not changed.
2. Audit log & Data Breach Management
Organisations need to capture security events in the form of audit logs so that they can confirm whether a breach has taken place and, if so, measure the impact of that breach and determine what needs to be reported to the DPA (if necessary) and, ultimately, to the affected data subjects. The Chatify audit log tracks anything on the Chatify app that can be added, updated and deleted. This is an extensive list that includes things such as community, account, team members, visitor posts etc. The audit log records who made the change with an associated time stamp. This gives a community administrator a log to refer to in case of any security breach or an audit.
3. Privacy Statement section for data controllers
The Privacy Panel now has a section where our customers can reference their Privacy Statement. If the option is chosen to request consent from the data subject before submitting personal data to Chatify, the Privacy Statement will be linked in the consent statement.
Individual App Settings
Consent for personal data to be processed and shared
The Consent Checkbox (above) is configured in the Admin Panel and is displayed on the Chatbox. This allows the data controller to explicitly request consent from the data subject to collect personal data from them.
What changes have we made to the Chatify website from a technical point of view in order to comply with GDPR regulations?
On creating an account, Chatify needs certain personal data in order to allocate the account correctly. The information we collect is name and email address. We have added a checkbox for users to agree to the Chatify Terms of Service and Privacy Statement at this stage. Users have to agree to the terms wherever a Chatify account is created, e.g. if a new user is invited to an existing community or if the community offers self-registration.
As always, if you have any questions, just send us a message and we will be happy to help!