Is Obby GDPR compliant?
The General Data Protection Regulation (GDPR) provides new, consistent standards across the EU to protect the rights of EU citizens regarding how their personal data is being used. It goes into effect on May 25, 2018 and applies to any company that uses personal data from EU citizens.
We are committed to privacy and security and will be ready for the GDPR before May 25, 2018.
Here we’ll provide a quick overview of GDPR and share what we’re doing to prepare.
GDPR Basics
Replacing the existing EU privacy directive 95/46/EC, which has been in place for over 20 years, the GDPR strengthens and expands the privacy rights of individuals in an era in which much of life takes place online.
The GDPR is extensive, affecting not just businesses based in the EU but also any company that processes the personal data of EU citizens.
The Data Protection Principles set forth in the GDPR include requirements like the following:
-
Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
-
Personal data should only be collected to fulfill a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
-
Personal data should be held no longer than necessary to fulfill its purpose.
-
People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.
We’d encourage you to read the text in full as well as to consult with your legal advisers for the most complete understanding of the GDPR.
What is Obby Doing to Prepare for GDPR?
We’re getting ready for GDPR by preparing for our own compliance — as well as making it easy for you to comply as a data controller. Here is an overview of what we’ve been doing so far:
Terms of Service and Privacy Policy
We’re reviewing all our legal agreements and making any required changes to be GDPR compliant. We are updating our Terms of Service and Privacy Policy and will post them on our website in advance of the GDPR deadline. We are also making sure that any vendors we use as sub-processors are GDPR compliant.
Security and Data Management
Obby already employs strict policies and procedures around security and data management. Additionally, we have created an internal team and engaged external advice to enhance security standards that protect our customer’s data and follow GDPR requirements.
-
GDPR compliant Privacy & Cookie Policy for Obby and booking widget customers. By 25 May 2018, Obby will have in place a GDPR-compliant privacy statement available to read for all customers of the Obby marketplace and booking widget which sets out very clearly how we use and protect customer data. You can therefore rest assured that our (and your) obligations to customers are met by us when using the Obby marketplace and booking widget.
-
Obtaining GDPR compliant marketing consent on your behalf. We are updating our opt-ins to make it even clearer for our customers what they are opting in to and what to do if they change their mind. This applies to consent obtained for the Obby Newsletter. You will see this in place by 25 May 2018.
-
We have put in place clear processes for dealing with individual requests such as deletion requests and subject access requests. If you ever receive one from a customer and need our support, please let us know. Likewise if we receive one and need your support, we will contact you. We must work together as partners to comply with GDPR and individual customer requests.
-
We are updating our Partner Terms of Business to include GDPR compliant data processing terms between us which we are both required to have in place.
We fully support the GDPR and think it’s a good thing to treat customers and their data with care and respect.
If you have any questions or concerns regarding GDPR and Obby, please send us a detailed message to gdpr@obby.co.uk .