As we approach the 25 May 2018 deadline for GDPR, we thought it would be helpful to create an article which set out the answers to the most common questions we receive on GDPR from our customers.

If you don't find the answer you are looking for below, please contact us on support@glofox.com. 

Is Glofox GDPR compliant?

Like all businesses that process personal data on behalf of EU citizens,  Glofox is reviewing all of our processes and procedures and taking all the necessary steps to ensure we are compliant with the GDPR.  

You can be assured as a customer that Glofox will be ready and fully compliant by the deadline of 25 May 2018.

Who is responsible for my customer data?

In order to answer this question, it is important to explain two key terms, data controller and data processor.

A data controller is the individual or company who controls and is responsible for the keeping and use of personal information.

A date processor holds or processes personal data, but does not exercise responsibility for or control over the personal data.

In our relationship, you are the data controller and Glofox is the data processor. We hold your member’s personal data on our platform, but you as the business owner decide and are responsible for what happens to the data.

While you contract with us to store and process data on your behalf,  it is important to understand that under the GDPR the primary obligation remains with you the controller.

Where do you store and manage my data?

For full details on how we manage and store your data, please refer to our Privacy Statement available here.  

How does GDPR affect my ability to communicate with my Customers?

Under GDPR, the most important aspect in respect of any use of data is the consent of the person to whom the data relates. Under GDPR, processing data to directly market your services to your Customers is regarded as a legitimate use of their data but you must provide them with the ability to opt out of such communications.

We are currently making changes to our mobile apps and software which will allow your Members to opt out of marketing communications from you and to manage their own preferences. 

If you intend to market to people who are not your customers, the consent received with regard to those communications must be positive and unambiguous, ie "opt in" and there must also be an audit trail where you can evidence that the consent was given.

How do I get ready for GDPR?

We have prepared a guide to GDPR which is available on our blog here. This will help you get started but ultimately it is up to you to ensure that you are compliant with GDPR when the time comes around. GDPR is not something to be afraid of but it is definitely something you should not ignore.

We will be holding some webinar Q&As on GDPR in the coming weeks and we will share the times with all our customers soon.