The talk of the town: the new data privacy legislation GDPR (General Data Protection Regulation) that will be enforced from 25 May 2018. Do we expect a big bang? The reinforced GDPR rules for the collection and processing of personal data of EU residents will be effective from the end of May. CYS sees the new legislation as a positive step toward the protection of personal data. Because transparency and trust: that's what it's all about!
What does GDPR mean?
GDPR stands for General Data Protection Regulation. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. The online landscape has changed so much in the past couple of years that, as you can imagine, the current data privacy legislation is no longer relevant in some parts. That’s why there is a new set of rules on documentation, responsibility and information for organizations.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an IP address, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For customer feedback it is important to know that questionnaires can also relate to personal data, for example the location of a store or a mechanic in the region. This information can also be related to persons.
The GDPR impact for customer feedback at CYS
We are obliged to take responsibility for personal data and privacy because of the surveys we offer to organizations in customer feedback, customer satisfaction and customer journey research. Dealing with data processing is one of our priorities and we take this responsibility very seriously. We take both technical and organizational measures for the security of personal data.
The steps CYS takes to be GDPR compliant
The new EU General Data Protection Regulation will have consequences for every organization. We deal with the personal data of customers and respondents in a confidential way and we are transparent in the communication about this. We have the means to deal with customer feedback and personal data in a responsible manner.
Below we briefly explain the 6 basic principles and the steps we take to comply with the GDPR rules concerning the processing of personal data:
1. Lawfulness, fairness and transparency
Both CYS and our clients must clearly inform respondents which survey they are participating in. The survey must be clear and appropriate. CYS considers a confidential and transparent environment very important.
2. Purpose limitation
We as processor and our clients as controllers may only request, store, use and share information for specified, explicit and legitimate purposes. Before processing information, we make the aim of the research clear to everyone, including the respondents.
3. Data minimisation
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Not all data are needed for a specific issue. We have the means to apply this for each project in a flexible way. All data that is collected and minimally required for the investigation is recorded in a written processor agreement.
4. Accuracy
Personal data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. Personal data can be rectified or erased through our support department. If we as a processor have access to the relevant data, respondents can contact us by e-mail or telephone. We will contact our client (controller) promptly and correctly in case of a request.
5. Storage limitation
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. CYS is able to automatically archive or delete data after a certain period and can adjust this technically within its own systems. This is flexible and dynamic, so the storage restriction can be set differently for each project. In addition, we can also indicate at specific levels which data must be exceeded. We have taken all appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of the data subject. Through our customer feedback systems it is possible to manage this on every level.
6. Integrity and confidentiality
The new EU General Data Protection Regulation is positive for all of us!
Don’t see the new set of rules as a burden! The reformed, stricter legislation is there to minimize risks and to prevent abuse. So it has benefits for personal purposes, but also for organizations because we protect ourselves and our customers!
If you as an organization can show that you are dealing with personal data in a transparent way and in compliance with GDPR, you will strengthen the relationship with the customer and customers will see your organization as a confidential company! This has positive consequences for customer loyalty. Customers will be more inclined to give feedback, to remain customers and eventually even to generate higher turnover because they trust you!