The European General Data Protection Regulation (GDPR) came into effect on May 25th, 2018. Since the regulation was adopted, Bootsgrid has been working towards GDPR compliance. For this purpose, we made a number of changes to our data security processes and to how we handle personal data.
Today, we are happy to announce that Bootsgrid is GDPR compliant.
Bootsgrid’s Journey Towards GDPR Compliance
1. Internal data collection mechanisms
The first step we took towards GDPR was to identify and document every channel and mechanism through which we collect personal data from EU data subjects. We then mapped each category of personal data to the channel that collects it, so that every data item can be traced back to where it entered our systems.
2. Purpose limitation, data minimisation and storage limitation
Once we had mapped personal data to the collection channels, we put controls in place so that collected data is processed only for the purpose for which it was collected. We also removed any personal data that was not business critical, and the data owner can delete their data whenever they want to.
3. Lawful basis for processing
Bootsgrid relies on consent, legitimate interest and performance of a contract as lawful bases for processing, depending on the personal data in question. We identified the applicable lawful basis and mapped it to each category of personal data we collect.
4. Individual Rights
We created our own internal process for responding to and resolving requests from data subjects exercising their individual rights. These rights include the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and the right not to be subject to automated decision-making, including profiling.
5. Security of processing
We keep our site and its software regularly updated, and we monitor it continuously, including malware scanning, to detect abnormal activity and respond to cyber threats. Our site is served over HTTPS using a TLS (SSL) certificate. We make sure suitable security measures are in place to protect the confidentiality, integrity and availability of information. We also apply pseudonymisation, using encryption and hashing, so that personal data cannot be attributed to a specific data subject without additional information that is kept separately. We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
6. Processing of personal data outside the EU
Under GDPR, personal data may not be transferred outside the EU/EEA unless the controller or processor has appropriate safeguards in place to ensure an adequate level of protection for that data. Bootsgrid is DATA 443 Privacy Shield certified, which we decided to use as the legal mechanism for transferring personal data out of the EU.
7. Data processing agreement
We also created a data processing agreement that sets out our responsibilities as a processor when we host our clients' data, allowing our clients to run GDPR-compliant sites themselves if they need to. This document also describes how we notify customers of a personal data breach and how we respond to requests from data subjects.
8. Ongoing review and updates
GDPR compliance is not a one-time effort. It is a continuous process, and we will review our processes regularly to make sure we do not breach any obligation set out in GDPR, and we will closely follow further updates to the regulation and its guidance.
If your business processes the personal data of EU data subjects and you want to run that data through Bootsgrid, we have you covered. Sign up today.
Data Deletion Procedure:
- Customers send a deletion request by email to firstname.lastname@example.org.
- We reply with an export link so the customer can retrieve a copy of their data first.
- Within 1 or 2 business days the customer receives a second email containing a confirmation link; following that link confirms that they want their data deleted from the site.
- Once the customer has followed the link in that email, we delete all the data they provided to us from our site.
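The confirmation step above is only as strong as the link it relies on: a link that can be guessed, replayed, or used weeks later lets someone other than the customer trigger the deletion. The following added example (illustrative code, not Bootsgrid's own implementation) shows a minimal version of the two-step flow with an unguessable single-use token that expires after the two-day window. Everything in it is an assumption: an in-memory dictionary stands in for the customer database, the "emails" are collected in an outbox list, and the link format is made up.

```python
"""Two-step account deletion with a single-use, expiring confirmation link.

Added example, not Bootsgrid's code. An in-memory dict stands in for the
customer database, outgoing mail is collected in a list, and the URL is
hypothetical.
"""
import hashlib
import json
import secrets
import time

TOKEN_TTL_SECONDS = 2 * 24 * 3600   # the "1 or 2 business days" window (assumed)
CONFIRM_URL = "https://example.invalid/delete/confirm?token="  # hypothetical


def _fingerprint(token: str) -> str:
    # Store only a hash of the token. A copy of the pending table (e.g. from a
    # database dump) then does not yield usable confirmation links.
    return hashlib.sha256(token.encode()).hexdigest()


class DeletionService:
    def __init__(self, accounts, now=time.time):
        self.accounts = accounts   # email -> personal data record (constructed)
        self.pending = {}          # sha256(token) -> (email, expires_at)
        self.outbox = []           # (recipient, kind, body) instead of real mail
        self.now = now             # injectable clock so expiry can be tested

    def request_deletion(self, email):
        """Steps 1-3: send the export, then issue the confirmation link."""
        if email not in self.accounts:
            return None   # nothing to delete
        # Step 2: the customer gets a copy of their data before anything is removed.
        self.outbox.append((email, "export", json.dumps(self.accounts[email])))
        # Step 3: 256 random bits, so the link cannot be guessed or enumerated.
        token = secrets.token_urlsafe(32)
        self.pending[_fingerprint(token)] = (email, self.now() + TOKEN_TTL_SECONDS)
        link = CONFIRM_URL + token
        self.outbox.append((email, "confirm", link))
        return link

    def confirm_deletion(self, token):
        """Step 4: delete only for a token that is known, unexpired and unused."""
        # pop() makes the token single-use: a replayed link does nothing.
        entry = self.pending.pop(_fingerprint(token), None)
        if entry is None:
            return False
        email, expires_at = entry
        if self.now() > expires_at:
            return False          # stale link: the customer must request again
        self.accounts.pop(email, None)
        return True


if __name__ == "__main__":
    svc = DeletionService({"alice@example.com": {"name": "Alice"}})
    link = svc.request_deletion("alice@example.com")
    print("confirmation link:", link)
    print("deleted:", svc.confirm_deletion(link.split("token=")[1]))
    print("replay accepted:", svc.confirm_deletion(link.split("token=")[1]))
```

The three properties a reviewer would check for here are that the token is generated with a cryptographic RNG rather than derived from the email or a timestamp, that it is consumed on first use, and that the expiry is enforced server-side rather than trusted from anything the customer sends back.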