GDPR: How we’re getting ready at publica.la

GDPR Compliance

May 25th is a huge date for data protection. The new set of rules, known as GDPR, will take effect to enhance the online security of EU citizens.

Here’s how we’re getting ready to comply with the new General Data Protection Regulation (GDPR), the new set of laws that aims to improve the security of EU Citizens.

At publica.la we always help our customers to comply with all the international laws. We take data privacy and protection seriously and we work constantly to improve our security measures.

The GDPR will take effect from May 25th, but we’re already working to help you prepare for the new European laws. Here’s a quick overview of the specifics of the law and the actions we’re taking to comply with every point.

If you have any doubts, please do not hesitate to contact me at plaurino@publica.la. And if you want to know more about the technical aspects of how we are doing this, you can contact Franco (publica.la’s co-founder & CTO) at fgilio@publica.la.

Lawfulness of Data Collection

What it means: In order to collect data from any user based in any of the European countries, you need to have a legal reason. That could be explicit consent from the user, the need for the data to carry out a contract, or what’s covered under the GDPR as “legitimate interest” (you need to send the user information related to what they’ve acquired).

How publica.la is working on it: We’re going to add an explicit check box that every user signing up to your library needs to read and consent to in order to sign up.

Explicit Consent

What it means: In order for any user to grant consent to the collection of their data under the GDPR, some things need to happen:

  • The user needs to know what they are opting into.
  • The consent needs to be granular: the user needs to consent to every type of interaction (emails, calls, tracking, etc.).
  • You need to log that consent.

How publica.la is working on it: We’re adding an Opt In section to each user’s account where users will be able to opt in to different types of communications and opt out of those communications as well. We are going to log every interaction of the user with the Opt In section.

Withdrawal of consent (or opt out)

What it means: The user needs to be able to see what they have signed up for, and withdraw the consent at any time.

How publica.la is working on it: On the aforementioned “Opt In” section we will add an “Opt out” button to every interaction.

Cookies

What it means: The user needs to explicitly know that you are using cookies to track him or her and needs to consent to being tracked.

How publica.la is working on it: We are already giving each user notice of cookie use. Now the form will only disappear once the user clicks.

“Forget me”

What it means: The user has the right to ask for permanent deletion of all their data and the record of past conversations. You need to comply with the user request within 30 days.

How publica.la is working on it: Users will be able to delete their account from the “My Account” section. At the same time, you will be able to ask publica.la for permanent deletion of any of your users.

Access to the Data

What it means: The user can also request all the data you have about him or her. At the same time, any user can ask to see the lawfulness of the data collection process.

How publica.la is working on it: We are going to add a “Download my data” button to the “My Account” section.

Modification

What it means: The user can request to modify their data at any time.

How publica.la is working on it: Users will be able to modify their data (email, social login and every other piece of data collected by your library).

Security

What it means: The GDPR asks that every company put security processes in place to secure all the data collected.

How publica.la is working on it: publica.la already complies with all the security standards; the libraries and the content are encrypted, as are the conversations and interactions with you and your users. However, our Engineering team is working on improving the security of the data even more, and we’re going to roll out a contingency plan to act if any data is leaked.

 
