GrowthZone's GDPR Compliance Information
With the General Data Protection Regulation (GDPR) taking effect on May 25th, 2018, GrowthZone has made sure their software (both ChamberMaster/MemberZone and GrowthZone) meets the requirements for this new European law. See details below.
In response to the European Union’s (EU) General Data Privacy Regulation (GDPR) that is soon coming into effect, we are making some changes to our software to help our customers with their efforts to become compliant with this important law. This email gives insight on the things we are changing, as well as action items that may be required for your organization. To help answer questions you may have regarding how GDPR may specifically affect you and your organizations, we’ve create an FAQ document.
GROWTHZONE PRODUCT UPDATES/PROCESSES:
Here are the areas of improvement that will be completed by the May 25, 2018 deadline:
- Expressed Consent for New Members
It will soon be easier to gain expressed consent for data processing and storage when contacts sign up for a membership. You will still need to gain expressed consent from current members during a one time process. However, after that you can simply enable this required step as part of your standard membership application and immediately capture your new members’ consent.
To make it easier for chambers and associations to comply with the EU’s GDPR, we’ve created sample/example language that can be used with ChamberMaster, MemberZone, and GrowthZone products. This language can be added to the terms & conditions area in the Membership Application.
- Unsubscribe & Communications Flexibility
You will have greater flexibility to easily add standardized disclaimer/privacy text to the bottom of all emails including single emails. This allows you to actively communicate your GDPR compliance to your contacts and provides them the opportunity to better manage their consent for their data usage for communication purposes.
- Security Improvements
In relation to the security by design and security transparency portions of GDPR, we’re introducing a host of optional security features that can be enabled a la carte to enhance the security and restriction of the authentication of your members. Options are configurable allowing you to tailor your requirements to your needs, helping to ensure your members that their data is secure.
- Privacy Shield
Regarding GDPR’s requirements about data storage in the EU, or an outside nation that has been officially recognized by the EU as in compliance with GDPR, GrowthZone/Chambermaster will be certified via the PrivacyShield framework. This means that your customers' data will be housed outside of the EU but still in compliance with GDPR.
PERSONAL DATA REQUEST & DELETION:
Users have the right, under GDPR, to request from your organization a full data report. This includes a full record of the data being stored about them, how that data is being used/processed, who that data is being shared with, and the physical location of the data. They also have the right to, upon request, have their data deleted completely from all your systems and servers. In compliance with GDPR, we have put a process in place for you to be able to gather the information you need for your intended user. You may make these requests in writing at any time we and we will provide a written report and/or a certificate of deletion within the allowed 30-day response period.
To submit for these types of requests, use our Personal Data Report Form and our Data Deletion Form. It is important to understand that once the deletion process has been initiated, it cannot be halted and there is no way to recover data should you change your mind.
For all of this information and more, feel free to download our GDPR compliance information packet.