At pCure, we worked hard to prepare for EU General Data Protection Regulation (GDPR), to ensure that we fulfil its obligations and maintain transparency about customer messaging and how we use data.
Here’s an overview of GDPR, and how we prepared for it at pCure:
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
How pCure prepared for GDPR
Our team worked hard to ensure we complied with GDPR. We make sure we met our legal obligations, and did the best thing for our customers while still letting us move fast, scale and build great products.
Here are the main things we did:
We use services with good features
Our team use tools and services that enable us to easily meet our GDPR obligations.
We can easily export all of your data linked to an individual and permanently delete all data linked to an individual user.
We will automatically expire data on visitors that have not been seen in 9 months, to ensure we comply with GDPR retention requirements..
We appointed a Data Protection Officer
We’ve a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch through the messenger or by emailing firstname.lastname@example.org
Some activities that we took
- Got familiar with the GDPR requirements and how they affect our company.
- Map out wherec we process data and carry out a gap analysis.
- Looked at our product roadmap and had privacy in mind when planning.
- Keep an eye on the developing guidelines from the European Data Protection Board.
Data subject rights
The GDPR establishes data subject rights, which means that, with respect to their personal data, customers, employees, business partners, clients, contractors, students, suppliers, and so forth have the right to:
- Be informed about their data: You must inform individuals about your use of their data.
- Have access to their data: You must give individuals access to any of their data that you hold (for example, by using account access or in some manual manner).
- Ask for data rectification: Individuals can ask you to correct inaccurate data.
- Ask for data to be deleted: Also known as the ‘right to erasure’, this right allows an individual to request that any of their personal data a company has collected is deleted across all systems that use it or share it.
- Request restricted processing: An individual can ask that you suppress or restrict their data. However, it is only applicable under certain circumstances.
- Have data portability: An individual can ask for their data to be transferred to another company.
- Object: An individual can object to their data being used for various uses including direct marketing.
- Ask not to be subject to automated decision-making, including profiling: The GDPR has strict rules about using data to profile people and automate decisions based on that profiling.
Feel free to reach out to us in the Messenger if you have any questions about GDPR - we’d be happy to chat to you about it.