The EU General Data Protection Regulation (GDPR) set a new standard for how companies use and protect EU citizens' data. It took effect on May 25th, 2018.
At Jiminny, we worked hard to prepare for GDPR, to ensure that we fulfil its obligations and maintain our transparency about customer conversations and how we use data. We've now completed our GDPR readiness program.
Here's an overview of GDPR, and how we prepared for it at Jiminny.
The EU General Data Protection Regulation ("GDPR") is a new comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU Data Protection law to strengthen the protection of "personal data" and the rights of the individual. It is a single set of rules that governs the processing and monitoring of EU data.
Does it affect me?
Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How about my CRM?
For information stored within an organisation's CRM, it is the responsibility of the customer to put procedures in place to allow the identification, deletion and auditing of this data and the "right to be forgotten" process.
How Jiminny prepared for GDPR
Our teams have worked hard to define our GDPR roadmap. This was a massive overhaul of processes and data models to make sure we met our legal obligations, and did the best thing for our customers while still letting us move fast, scale and build great products.
We are a processor with respect to the end-users whose data Jiminny receives: our customers’ users. As a customer of Jiminny, you are a data controller and Jiminny is acting as your data processor for your users.
Here are the main things we've done to ensure we set ourselves and our customers up to meet GDPR obligations:
We built new features
- We allow our customers to fully delete all data linked to an individual.
- Our customers can request an export of all data linked to an individual end user.
- We improved auditing and traceability of call recording preferences.
- You can disable call recording for a subset of users.
We created a Data Processing Agreement (DPA)
Our DPA has been written to address both regulatory and operational changes related to GDPR. Customers can contact firstname.lastname@example.org to view and sign a copy.
We got certified for International Data Transfers
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
We coordinated with our vendors
We reviewed all our vendors, found out about their GDPR plans, and arranged similar GDPR-ready data processing agreements with them.
We established additional security measures
Security is a priority for us. We've built a robust security framework over the past couple of years, and reviewed our internal access design to ensure the right people have access to the right level of customer data. More details are available on our Security page.
We’ll keep sharing information on our progress, and we’ll also help our customers and prospective customers be compliant. If you have not already done so, some steps you can take are:
- Get familiar with the GDPR requirements and how they affect your company.
- Map out everywhere you process data and carry out a gap analysis.
- Consider how you can leverage Jiminny to help with your GDPR compliance. Our security docs are available to customers on request.
- Look at your product roadmap and think about privacy when you’re planning.
- Chat to your lawyer about what your company needs to do.
- Keep an eye on the developing guidelines from the GDPR Article 29 Working Party.
Feel free to reach out to us using the in-app messenger if you have any questions - we'd be happy to chat to you about it.