Tools to help you meet the requirements and stay in compliance when you collect data with Qualifio
The European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, which means that you have five weeks left to comply with the new privacy law. Organizations holding or processing personal data of EU citizens must be able to identify, protect, and manage all personally identifiable information (PII) of EU residents even if those organizations are not based in the EU.
Qualifio has been offering tools to help you prepare and comply with the GDPR: free resources to assess what you need to do for compliance, dedicated workshops to accompany you in the implementation of measures to meet requirements, and now new features to help you maintain compliance of your data processing activities in Qualifio Manager.
Everything in the GDPR Toolbox was built on top of an API. If you want more information about it, our sandbox and documentation are available upon request.
On April 25, 2018, at 10:00 a.m., our Head of Product and Marketing Director will show you all the possibilities offered by the GDPR Toolbox to keep total control over your data. They will review the key features allowing you to conduct a 100% compliant data policy, and share real-life examples of “GDPR-friendly” forms, allowing you to collect consent in compliance with the new regulation.
Qualifio’s GDPR Toolbox
Our GDPR toolbox is available to Qualifio Manager users and equips them with the features necessary to achieve demonstrable compliance when launching interactive campaigns and collecting data with Qualifio. What follows is an explanation of what the toolbox includes.
1. Right to erasure
The GDPR introduces a right for individuals to have personal data erased, also known as ‘right to be forgotten’. With this new option, you can either bulk-delete PII collected during a specific period, or manually erase a user’s personal data on their request. These actions will delete all personal data from the Qualifio CRM, campaigns participations, and coregistrations. Your DPO can also set up rules to automatically erase all personal data from the system after a couple of weeks or months, for instance.
2. Right to data portability
The right to data portability allows data subjects to obtain all data that a controller holds on them and to reuse it for their own purposes (either store the data for personal use or transmit it to another organisation). This new module enables you to extract all data related to a user from our system and hand it over to them.
3. Right to be informed
Your existing or prospective clients have to be informed on how your organisation deals with data. This will be the place to centralize your privacy statements and have default texts stored, which can then be inserted in two spots of your campaigns: under your identification forms and/or behind a button in the main menu accessible at all times. Privacy policies can be specific to each of your websites.
4. Data processing requests
All requests involving personal data will have to be approved by your Data Privacy Officer (DPO). Such requests will result in a message sent to your DPO and a pending status while waiting for approval.
5. Access logs examination
Access logs provide information on all important activities performed in your Qualifio account. With this new feature, your DPO can find out who accessed or exported data such as: campaign statistics, CRM queries, global account statistics, opt-ins, coregistration statistics, Qualifio users. They can also monitor which campaigns were purged or deleted.
6. Overview of all identification fields
The GDPR establishes a clear distinction between sensitive personal data (any data that reveals a user’s racial origin, political opinion, religious belief, etc.) and non-sensitive personal data. The data that Qualifio’s clients collect and process does not qualify as sensitive data as defined by the GDPR. In this new section, your DPO can ensure it stays that way and that no data is being collected through Qualifio without prior consent from the subject.
7. DPO appointment
We built the GDPR Toolbox keeping in mind that DPOs are responsible for overseeing data protection and ensuring compliance with GDPR requirements. Which is why this set of new features gives DPOs total control on all personal data processing. Not only will your DPO have to approve all important requests for personal data manipulation, but they will also be able to set up a data retention policy and view all access logs.
8. Qualifio GDPR documentation
In this section, you will always have access to up-to-date information about our data protection contract and organisational measures.
GDPR Toolbox: How to use it
The first step you need to take to be able to use the GDPR Toolbox in your Qualifio account is to appoint a DPO. In order to do that, you have to send their contact information to your Qualifio Account Manager so we can assign this role and the corresponding rights and access to the right person in your company. Once we have done that, you will be able to designate different DPOs by yourself.
What’s coming for V2?
Here’s what we can already tell you about the second version of the GDPR Toolbox…
- You’ll have the option not to collect IP addresses in anonymous campaigns;
- We’ll offer the possibility to make personal data exports available only to Admins;
- To ensure that changes made to privacy documents are verifiable, we’ll also create some sort of versioning for consent opt-in texts;
- Next to the overview of all identification fields, you will also have the opportunity to monitor all question fields to be 100% sure that no one on your team is collecting sensitive data outside of the identification form of a campaign;
- GDPR Toolbox access may be granted only to Admins –it is currently also accessible to users with the ‘Marketer’ status.