The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It will take effect from May 2018. At LoopMe (Me Analytics AB), we’ve been working hard to prepare for GDPR, to ensure that we fulfil its obligations and maintain our transparency about user data and how we use it.
Here’s an overview of GDPR, and how we are preparing for it at LoopMe.
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.
How is LoopMe preparing for GDPR?
LoopMe’s GDPR preparation started more than a six month ago, and as part of this process we are reviewing (and updating where necessary) all of our internal processes, procedures, data systems, and documentation to ensure that we are ready when the GDPR goes into effect.
While much of our preparation is happening behind the scenes, we are also working on a number of initiatives that will be visible to our users.
Here are the main things we’ve been doing to ensure we’re setting up ourselves and our customers up to meet GDPR obligations:
Building new features for you
Features for all Group Owners:
- Right to access: Our team are building the necessary features that will enable all group owners (administrators) to easily specify how long collected data within the group will be saved. Information about the group owner’s settings regarding this will also be visible to all group members. When the time period expires, the system will send a security question to the group owner, and after a confirmation, automatically erase all data. This feature will be released in May 2018.
- Data portability: LoopMe can help you meet your data portability requirements for GDPR. All group owners will soon be able to extract all data within a group all by yourself. You will also be able to filter and extract data regarding a single member within each group and extract it in a CSV-file. This feature will be released in May 2018.
- Right to be forgotten: All group owners can now easily remove members from their groups directly on the Group Page (just take a look within the Member List).
Features for all LoopMe Users:
If you have questions about particular data, you can contact firstname.lastname@example.org for further information at any time.
- Right to access: You are always able to see all the data that we collected about you as a LoopMe user. The easiest way to find it is to go to your profile page and look into each group you are a member of. There you will find all your sent loops, reports, comments, files etc.
- Right of portability: We will export your account data in a CSV-file at any time upon your request. Just contact us at email@example.com
- Right to rectification: You may access and update your LoopMe account settings at any time to correct or complete your account information. Just contact us at firstname.lastname@example.org.
- Right to be forgotten: All group owners can easily remove members from their groups directly on the group page (in the member list).
Whenever you what you can contact us, requiring us to remove you from a group and also to delete your account and all data you’ve sent within LoopMe. Just contact us at email@example.com.
We are also building features that will help you as a user to easily exit a group all by yourself and also a feature that will enable you to delete your LoopMe account and all data that is sent from your account. These features will be released in September 2018.
- Right to object: We strive to get as good user experience as possible when using LoopMe. Therefore, we use the Google Analytics web tool to analyze how our users navigate within the system (both on the web and in our apps). You can choose to refrain from your user data being included in our internal analysis by simply changing the privacy settings on your profile page.
We have updated the agreement with our IT service providers
Strong data protection commitments are an important part of GDPR's requirements. We have updated all our Data Processing Agreements (DPAs) with all our subcontractors to ensure that they share our privacy commitments and specify the terms of LoopMe (Me Analytics) and our customers to meet GDPR requirements.
We have updated our Data Processor Agreements (DPAs)
LoopMe has experience in signing Data Processor Agreements (DPAs) with municipalities and organisations in Sweden. We have now updated our Data Processor Agreement to include the higher requirements that GDPR implies and we have already updated several of our DPAs with the municipalities in Sweden that had previously signed an agreement with us, based on the former Swedish Data Protection Act (PUL).
If you are a controller of personal data for your organisation and want to sign a Data Processor Agreement with LoopMe, please contact our customer service at firstname.lastname@example.org and we will assist you in the process.
We’re taking new security measures
Security is a priority for us. We have regular internal audits and bug tests. We’ve built a robust security framework over the past years and reviewing our internal access design to ensure the right people have access to the right level of customer data.
Feel free to reach out to us at email@example.com if you have any questions about LoopMe and GDPR - we’d be happy to chat to you about it.