GDPR

Disclaimer: The contents of this guide and other related GDPR guides are for general information purposes only and do not constitute legal advice. We recommend talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant.

Background

The EU General Data Protection Regulation (“GDPR”) came into effect on May 25, 2018 and replaced the previous EU data protection law.

GDPR gives individuals control over how their personal information is stored and used by companies.

The GDPR is an excellent starting point when it comes to reviewing privacy and security practices. It’s only the beginning of a wider conversation and commitment.

If you collect, store or otherwise manage the personal information of individuals who live in the European Union, even if you don’t have an entity or presence in the EU, then the GDPR will apply to you.

Want to find out more about the GDPR? We recommend checking out the official GDPR website or the Information Commissioner’s Office (ICO) website.

What Is Personal Information

Personal information is “any data relating to an identified or identifiable natural person”*. It includes information or references to an individual’s name, contact details, location and IP address. This also includes less obvious things such as personal opinions, as well as preferences or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Sensitive personal data is a special category of personal data. This includes information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation and health information.

* These requirements around processing personal information only apply to living persons.

Controller Vs Processor

It’s important to understand your role with the GDPR, as that determines what actions you need to take to be compliant. There are two key roles: Controllers and Processors.

Your Business As A Controller

To comply with GDPR, you will need to fulfil your obligations as a Controller:

To support you in being compliant as a Controller, we are developing the following functions in Intuto:

Privacy policy

We will be adding a dedicated field in your account for you to enter your privacy policy. This is shown to customers during the account registration process. They can opt in by checking the box provided. Until this feature is fully implemented, it is up to you to ensure you have consent from your end users to meet your obligations under GDPR.

Complying with personal information requests

Under GDPR, there are specific rights that customers have regarding their personal data.

These are based around some key Data Protection Principles. Find out more about the Data Protection Principles.

Some key concepts from those principles are:

  1. The right to be informed.
  2. The right of access and the right to data portability.
  3. The right of erasure/the right to be forgotten.
  4. The right to restrict processing and the right to object.

What Other Responsibilities Do You Have?

While Intuto is ensuring our systems and processes are compliant with GDPR, you have a responsibility as a Controller to make sure your business practices are also compliant. This includes the way you and your staff use Intuto.

For instance, if a staff member downloads or exports your customer list and contacts those clients directly, this would be viewed as a data privacy breach. The same would apply if you decided to share your customer list or clients’ personal information with another provider without communicating this to the individuals involved or seeking consent.

We recommend talking with your lawyer, or seeking legal advice, about what your business needs to do to be compliant. Here are some things to think about:

Intuto As A Processor

While protecting our customers’ information has always been a high priority for us at Intuto, we’ve used this opportunity to review all of our systems and processes around collecting, storing and processing personal information.

In light of this, we have made the following changes:

These changes are the beginning of an ongoing conversation and commitment around privacy and security at Intuto.

If you are a business owner and need to export your data or permanently delete your account, or if you have any questions about GDPR, email support@intuto.com.
