Getting Ready for the GDPR

Please see our more recent blog post update about the GDPR.

If your business is based in the EU, or conducts business in the EU, then you’ve probably heard of the General Data Protection Regulation (GDPR). This is a wide-ranging set of regulatory changes that will take effect from the May 2018 and regulate the use of EU citizen’s personal data.

Here at Timely, we’re busy preparing for these upcoming changes and are committed to complying with our obligations. In fact, we’re using it as an opportunity to review our processes and improve the level of transparency with our customers.

What is the GDPR?

The EU General Data Protection Regulation (“GDPR”) comes into effect on May 25, 2018 and will replace the existing EU data protection law (that Timely already complies with). The purpose of the new regulation is to strengthen the protection of personal data and the rights of the individual.

Who is affected?

If your business is based in the EU, or you have customers that are based in the EU, then the GDPR will apply to you.

How is Timely preparing for the GDPR?

Timely is well underway with our plans to ensure compliance with the GDPR by the May 25th deadline. Here are some of the key items that we are working on:

(Updated 20th April 2018)

• We have carried out an extensive information audit of our systems from the perspective of businesses, staff and customers.
• We are making changes to the product to allow EU businesses to add their own privacy policy, allowing you to ensure you to capture consent from your customers to use their personally identifiable information.
• We are updating our help pages with the steps you’ll need to follow to action a data export or customer deletion request as required under the GDPR.
• We are updating our privacy policy including the addition of a new GDPR Data Processing Agreement.
• We have reviewed our third party vendor agreements to ensure compliance on their part.
• We are making changes to our systems, processes and documentation to meet our obligations as a Controller under the GDPR.
• We’ve appointed a Data Protection Officer (DPO).
• Security is a key priority at Timely. We carry out regular penetration tests using trusted third party security specialists to verify our systems and processes. We’re also tightening up internal access policies so the right people have the right access to customer data within Timely.

Keeping you informed

Being transparent and open about everything is one of Timely’s key values. The next major update on our GDPR compliance program will be on the 9th May 2018. This is when we’re be rolling out our policy and product changes as mentioned above.

Find out more

There is a vast amount of information available about the GDPR available online. Here’s a resource we really like.

As a business owner, here are some steps you should start thinking about:

• Get familiar with the GDPR requirements and how they affect your company.
• Talk with your lawyer about what your business needs to do.
• Carry out a review of how you are currently handling personal customer data, and note down what changes will need to be made in order to comply with the new standards.
• Ensure your various suppliers and vendors will be GDPR compliant.