Updated as progress continues. Simpleview is committed to data security, privacy and transparency. We have an in-house, cross-functional GDPR task force to oversee and manage the requirements of the GDPR and to implement changes to ensure that our company and our products are compliant with these new regulations. We’ve requested a thorough, third-party review of our business operations and GDPR obligations via TrustArc. In addition, our in-house team will address the effect across our partners and integrations, to help guide and work together on compliance.
We will provide updates on this webpage between now and the May 2018 deadline, communicating the steps we are taking to ensure that both our company and our products are compliant with the GDPR in advance of the deadline. Product updates to meet compliance will also be announced in the client portal.
We recognize that GDPR compliance is a shared responsibility between Simpleview, our clients, and our partners. Therefore, we’re happy to consult and provide guidance on compliance steps or information about partner compliance for our customers upon request.
Simpleview has always been committed to data security, privacy, and transparency. You can view our current privacy notice here. We work with Edge Hosting for managed server and site hosting. Edge Hosting is EU-U.S. Privacy Shield Framework certified, which means we’ve been in compliance with EU privacy standards protecting data, matching the same standards as the European data centers. We’re also compliant with Canada’s Anti-Spam Laws and guide our partners to meet the same requirements. The GDPR adds new protections for the personal data of EU residents, and we will continue to honor our commitment to data privacy through achieving and maintaining compliance with this important law and encouraging our data partners to uphold the same responsibility.
Please note that the information shared here is accurate as of the time this web page was published, February 27, 2018. For the most timely, accurate information, please visit the European Commission's Data Protection in the EU page.
Yes, GDPR does apply to information collected before May 25th, 2018. It is recommended to re-request consent, and to make sure you are clear and specific about how the information gathered will be used.
Individuals have the right to have their personal data deleted, in the event that it is no longer needed. ‘Right to be forgotten’ is in support of freedom of expression.
Is the right to be forgotten absolute? [If a customer orders goods, and I need his information to complete the order, do I have to delete that information upon request?]
The right to be forgotten is not an absolute right. It is possible to put it into effect only if the data is no longer necessary for the purpose it was originally gathered or processed for. Another case in which personal data cannot be deleted is when there is another legal obligation or law that directly obstructs the deletion (for instance the archiving law – which requires some documents containing personal data to be kept for a time period defined by law).
If they have lists (individuals with their contact information) and they process personal data for your organization on your behalf, you should understand how they are doing it and how the information is protected.
Providers of these type of services have to ensure compliance of their services with GDPR. Both Google and Microsoft have announced that they have been working to be in compliance with GDPR, yet it is important to mention that by using these services you are not automatically free from responsibility for complying with GDPR. GDPR impacts your whole organization and by just transferring all personal data to others, you will not be doing enough to be in compliance.
Simpleview CRM handles a lot of data. How does it help to comply with GDPR?
CRM is only a tool (system) which collects and processes personal data. The security of the system is supported by Simpleview CRM’s features and configuration options, as well as the communication and database backups, including the necessary anonymization of data. Since GDPR also places demands on organizational and personal requirements beyond the scope of the software solution, we can provide recommendations about how to use our products with the needed process and policy changes. Contact your Account Manager for details.
In CRM we keep record of email addresses and phone numbers of our customers’ employees. Will we now need to ask for explicit permission to store them?
It depends on if you already asked for consent when collecting the information, and why you collected it. If you must process the data in order to provide products or services, then the data can also be minimally processed without consent. For example, you definitely need an address to be able to send a product to a customer. In your case, you have to consider whether or not you really need the contact information of each customer – it depends on your purposes.
Contact us to find out how Simpleview can help your company secure sensitive personal data in compliance with GDPR.
Please note this webpage, website, and its content are not exhaustive resources on GDPR policy and they should not be relied on as legal advice. Because legal information is not the same as legal advice – the application of law to one’s specific circumstances, we recommend consulting a lawyer if you need legal advice on how to interpret the legislation. This content is information for awareness purposes and to inspire you to review your current policies and practices.