The General Data Protection Regulation (GDPR) is a new privacy regulation that comes into place on 25th May 2018. GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union but it also addresses the export of personal data outside the EU. After Brexit it will still be applicable in the UK. We believe the GDPR is good for users and good for security across the web for online shopping such as you do with Solwise.
Whilst we feel that the GDPR is predominately aimed at regulating companies such as Facebook, Google and Twitter, who process a lot of data, this new regulation affects us all – even smaller companies that process just a limited amount of data. Even if a company uses data legitimately there is still a lot of work to do around the GDPR to rework privacy policies, update user access to data held about them and essentially make it easier for us all to see what data is held where and why that might be.
Here at Solwise we take our responsibility for your personal data with the utmost seriousness. We never share your details with third parties without your permission and we never have, nor ever will sell your data to anyone.
How is Solwise getting ready for the GDPR?
We have responsibility firstly for the data that we collect from you, the Solwise client, and secondly for the data that you may collect and pass to us about your clients. Solwise offer fulfilment services to many companies and we have to consider the data we take to process these orders in just as rigorous a manner as we consider your data.
Our Retail and Reseller newsletters have always been opt-in and this remains the case going forward. We rely on your consent to send marketing mailers and we will continue to ensure there is always the option to unsubscribe in all marketing emails that we email.
We only collect the minimal data to process your order; names, addresses, delivery phone number so that goods can get to you. We collect credit card details to efficiently process your payments – we meet all the requirements for PCI-DSS so you can be assured of a secured transaction. We actually feel that it is more secure to process your card online than it is to ring and do it over the phone as we have all the safeguards in place to meet the rigorous PCI-DSS standards. We collect your email address to let you have up-to-date information about order processing, we do pass this to couriers depending on which one you choose so that they can inform you of where your delivery is in their network.
We use website analytics on our website to collect very basic information such as the device our visitors use, browser versions etc so we can use this for future website development. See our website analytics statement.
Your right to be forgotten – Under the GDPR you have the right to be forgotten, this means all of your data has to be deleted and never used again. There may be exceptions to this, for instance our legal obligation to keep business records such as invoices to comply with financial and tax legislation. We are developing our internal systems to make it simple for you to make this request and simple for us to process this. More information will be available on our GDPR web page by end of May. We will also be able to provide you with a copy of any data we hold on you.
Solwise is only a small company so having one person as the privacy officer is not practical. We have assigned a team of people to consider and implement the GDPR and going forward it will be maintained by all staff with requests for information being looked after by Louise Barrett and David Yeomans.
So, how’s it going?
Well, we have much to consider, much in place and a bit still to do. We will continue to update you via the GDPR page on our website and if you are on our mailing lists and follow us on social media we will keep with the updates coming through there too.