GDPR

SkipsoLabs and GDPR

Here is what we are doing to help you comply

Whether you are a small or large business, you have probably heard about the EU’s new data protection regulation: the General Data Protection Regulation (GDPR). GDPR replaces the Data Protection Directive 95/46/EC and was designed to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” The GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens.


At SkipsoLabs we have been working hard to make sure our platforms and internal practices are GDPR compliant. This page aims to share the key product-related changes that we have implemented to help your SkipsoLabs powered platform be GDPR compliant.

Platform and Product Changes

In this section you will find a list of all the changes we have built and are building as part of our GDPR compliance work.

CONSENT
What is it

In order for a user registering on a platform to grant consent under the GDPR, the following things need to happen:

  • The user has to be told what he / she is opting into (“notice”)
  • The user needs to affirmatively opt-in (pre-checked boxes are not enough)
  • You must be able to keep a log of what a user has consented to
What we have done

We have created a new “Consent” widget to be added to the platform Registration page. This widget will allow platform administrators to:

  • Specify exactly what a user is opting into when ticking the checkbox
  • Track from the platform backend who has opted in and who has not

For auditing reasons, from May 25 th 2018 onwards, enabling the Consent widget will allow auditors to track who has opted in and out of consent as a log is generated whenever a user opts in or out.

WITHDRAWAL OF CONSENT (OPT OUT)
What is it

At any point in time a user (as data subject) has to see what he / she has signed up to and be able to withdraw his / her consent. Withdrawing consent has to be as easy as giving it.

What we have done

We have completely revamped the user Account Settings section of our platforms. This is the section of the platform accessible by any user who has previously registered on a SkipsoLabs powered platform. By clicking on the “Consent” page, the user will be able to easily opt-in or opt-out of consent.

Each action performed by the user on this page will generate a log for auditing purposes and will allow the platform administrators to track which users have opted in or out of consent.

PLATFORM NOTIFICATIONS
What is it

The SkipsoLabs powered platforms can generate a number of different automated email notifications to notify registered users of specific activities, for example:

  • New contact requests received
  • Broadcast messages from platform administrators
  • New recommended profiles
  • Notification of new programs launched
What we have done

In order to allow users to have a more granular control of all platform notifications, we have created a new “Notifications” module from the user Account Settings section allowing users to:

  • Turn on or off ALL platform notifications with a single click
  • Have a more granular control of specific platform notifications allowing to select which notifications to enable or disable
ACCOUNT DELETION
What is it

Under the new GDPR regulation, users have the right to request deletion of all the personal data you have about them. Specifically, GDPR requires a permanent deletion of all data associated to a user that is stored on the platform database. In most cases, you will have to action to a user deletion request within 30 days.

What we have done

Firstly, we have built a configurable functionality allowing to select, at any point of time, one of two options:

  • Allowing users to delete their account and all their associated content directly from their account settings page without having to request deletion to the platform administrator
  • Allowing users to only send a deletion request to the platform administrator that will then directly action the deletion from the platform backend

As described previously, we have completely revamped the user Account Settings section of our platforms. In the new “Delete Account” page users can:

Option 1: Users are allowed to delete their own data

If this option is selected by platform administrators, users accessing this page will see all data associated to their user account and will have 2 options:

  • Disable Account – by deciding to disable their account users decide NOT to permanently deleting their user data from this platform. Status of their account will be set to "Disabled". This will mean that their profile will become invisible, they will no longer receive any platform notification and will not appear in any user directory. Users can request a re-activation at any point in time by contacting the platform administrators. The action to disable a user account can only be actioned by entering the user password.
  • Delete Account – by selecting this option, users will permanently remove ALL their user and associated content from the platform. The action to delete a user account can only be actioned by entering the user password.

Option 2: Users send a request to delete their data

If this option is selected by platform administrators, users accessing this page will only be able to send a deletion request to the platform administrators. The request will trigger an email notification to the administrators who will be able to delete all user data and associated content from the platform backend.

DATA PORTABILITY
What is it

Just as users can request to delete their data, they can also request to access all the personal data and associated content that the platform stores about them. Requesting access means that the Data Controller needs to provide a copy of all the user data in readable format (e.g. CSV or XLS).

What we have done

In the newly updated “Account Settings” section of the platform accessible by registered users, we have created a new “Export” tab. Accessing this page users will be able to send an Export request to the platform administrators who will be able to export all the user related data from the platform backend.

MODIFICATION
What is it

Just as she can request to delete or access her data, they can also ask platform administrators to modify their data if this is inaccurate or incomplete.

What we have done

If a user requests to change any of their information, any platform administrator can do so from within their contact record of the backend application.

SECURITY MEASURES
What is it

GDPR requests that Data Controllers put in place a set of data protection safeguards to make sure that data is secure both at rest and in transit.

What we have done

SkipsoLabs is committed to keep enhancing its security measures across the board. In addition to industry standard encryption practices we have also introduced:

  • 2 Factor Authentication for both platform administrators and general platform users. This significantly increases security when accessing the SkipsoLabs powered platforms as users are asked a second authentication layer via their mobile device.
  • Data Pseudonymization in order to enhance privacy by replacing most identifying fields (e.g. Name, Email. Telephone number) within a data record by one or more artificial identifiers, or pseudonyms.