What Is GDPR?
GDPR (General Data Protection Regulation) is the new data security regulation coming into force on 25th May 2018 for companies within the EU, or those dealing with sensitive data relating to residents of the EU. It has been set up both to try to curb threats from cybercriminals and to target companies that are lax in the use and storage of an individual’s personal data. Compliance with this regulation will improve the way in which companies use data and will also allow individuals to better control how their information is used. For more information on GDPR, take a look at our information on GDPR and how it relates to website marketing.
How Does GDPR Affect Infusionsoft Users?
GDPR makes a distinction between data processors and data controllers because the legal responsibilities are different for each role. A data controller is a company or person who decides which particular data needs to be stored and how it will be used. A processor is the company or person who stores and processes it for the controller. As far as GDPR and Infusionsoft are concerned, Infusionsoft is the processor, and their customers are almost always going to be controllers.
This means that as a user of Infusionsoft you will likely be classed as a data controller, which means you will have to comply with the rules on how data is collected, have a valid reason for storing it, and be able to dispose of it if a user so requests. If you would like to know more about your responsibilities, you can look at our page How GDPR Will Directly Affect Infusionsoft Users for more help.
How Infusionsoft Will Become Compliant with GDPR
In order to comply with GDPR, Infusionsoft will be taking on the role of a data processor and carrying out four main tasks. They have already appointed a DPO (Data Protection Officer) and will be reviewing their security measures to ensure that they are protecting data to as high a standard as possible. Additionally, they have to comply with Article 30 of the GDPR, which means they will be requesting information from their customers so that they can report on the categories of processing activities that they are performing on behalf of those customers. Finally, they will also be offering a new Data Processing Addendum (DPA) for their customers to sign, which will include details on how they will be making themselves completely compliant in readiness for 25th May 2018.
Although it is not specifically required in order to make Infusionsoft compliant, they are also releasing three new features that will help customers with their own responsibilities. These will assist in obtaining consent from users, provide an easy way to make sure that personal data can be made anonymous, and add a ‘block’ feature to permanently remove a user from a list if necessary.
None of this necessarily means that users of Infusionsoft are automatically covered with regard to GDPR, as each entity needs to make sure it has followed the compliance rules itself. However, it is an indication that if you use Infusionsoft as a third-party application, you can rest assured that they have taken care of their side of the processing and compliance issues as well as helping their customers approach GDPR in the correct way.
How We Can Help
And We Do This is an Infusionsoft Certified Partner and we can point you in the right direction for help and advice for achieving GDPR compliance. Get in touch to find out more.