Many of our customers ask us about our GDPR compliance. This is because a new law will be introduced from the European Union on 25 May 2018, which will have consequences for all owners of consumer data. The Dutch government has captured the attention of citizens to the new law on personal data via radio and TV commercials. No surprise that more and more consumers are asking questions about how their data is being handled. This article discusses how SO Connect has prepared itself for the introduction of the new GDPR data law.
What is the GDPR?
The GDPR, or General Data Protection Regulation, is a new European Privacy Act that aims to restrict the use of personal data by companies. The new law applies worldwide to all companies and organisations that track and process personal data of European citizens, regardless of whether payment is made for services or products. In practice, it means that companies must be more careful handling consumers' data. For example, personal data may not be stored for too long and the customer must actively give permission to the company to use his or her personal data. If permission is granted, the company may only use the data for the purpose clearly stated in the terms and conditions. If the consumer wishes not to share data, it must be possible to do so easily.
How can you ensure that your data can be retained?
In the hospitality industry you probably don't possess a lot of data. You may, however, use data from other companies, such as advertisements on Google or Facebook. The good news here is that this data is already being collected in accordance with the legislation. You are not the owner of the data here, and the majority of compliance responsibility lies within these companies.
If you have a newsletter that people can subscribe to, or if your guests leave their mail address to make a reservation and you plan to contact them later, you must let the guest know. You should then clearly state in your terms and conditions that you will contact them. You must also provide clarity about how guests can unsubscribe from your customer base.
How is SO Connect GDPR compliant?
As a SO WIFI customer, you collect data via the logins on your WiFi network. In fact, SO Connect, SO WIFI's parent company, is the one who lets your guest know that we're collecting data for use by your company. We've been doing that for months, so you can continue to use the data you've collected through SO WIFI also after the law is enforced.
What do we do to be compliant?
Together with leading privacy lawyers, we have made a number of changes over the past year. The main steps we have taken are as follows:
- Renewed login portal with opt-in for explicit permission to use the data.
- New data breach protocol
- New data security system
- Appointment of an independent Data Privacy Officer
- Removal of all data from users under the age of 16
- Accessible unsubscribe page
- Possibility of refusing data sharing
What if my guests have questions about this?
Your guests may have picked up on this new legislation and therefore have questions about how you handle their data. That is no problem at all.
The general terms and conditions state exactly with which parties we share data. Also, the personal details are only available for you as an entrepreneur in the catering industry for 3 months. In addition, guests can easily unsubscribe. As it is no longer allowed to require data sharing, your guests can also choose the option "continue without logging in". This is located at the bottom of the login portal.
For questions about the GDPR and how SO Connect deals with data, please contact email@example.com. You can also come here to report alleged abuses and requests for the deletion of data.