Customer Thermometer GDPR Commitment Statement and FAQ
Last updated: 14 March 2018
Customer Thermometer GDPR Commitment Statement: information for our customers and prospective customers
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which will come into force in 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
Customer Thermometer, as the data processor, is committed to complying with GDPR in the delivery of our services to our customers when it comes into force on 25th May 2018, working in conjunction with our customers as the data controllers.
What are we doing?
Customer Thermometer welcomes GDPR and the strong data protection and security principles that it enshrines, many of which Customer Thermometer put in place long before the GDPR was mooted.
Similar to existing legal requirements, compliance with the GDPR requires a partnership between Customer Thermometer and our customers in their use of our software.
Where data controllers are using a third party like Customer Thermometer to process personal data, our ability to fulfil our commitments as a data processor is a part of our compliance with GDPR. Because of this requirement, Customer Thermometer is working extensively to ensure that our Terms and Conditions of use and related agreements, and our relevant policies, contain appropriate provisions for personal data we process or store.
How will Customer Thermometer comply with the GDPR?
Our GDPR preparation started in June 2017, and as part of this process we are reviewing (and updating where necessary) all of our internal processes, procedures, data systems, and documentation to ensure that we are ready when GDPR comes into force. While much of our preparation is happening behind the scenes, we are also working on a number of initiatives that will be visible to our customers. We are, among other things:
- Updating our Data Processing Agreement to meet the GDPR requirements in order to permit customers to continue to lawfully transfer EU personal data to Customer Thermometer, and permit Customer Thermometer to continue to receive and process that data;
- Updating our third-party vendor contracts to meet the requirements of GDPR in order to permit us to continue to lawfully transfer EU personal data to those third parties and permit those third parties to continue to receive and process that data;
- Analyzing all of our current features and templates to determine whether any improvements or additions can be made to make them more efficient for customers that are subject to GDPR;
- Evaluating potential new GDPR-friendly features and templates to add to our application.
What do you need to do?
As a current or future customer of Customer Thermometer, you are responsible (as the data controller) for ensuring your use of our services is compliant with GDPR and your policies. Consider these tips:
Get to know GDPR: Familiarise yourself with the provisions of the new regulation, particularly how they may differ from your current data protection obligations, and consider the relationships you have with both your customers and staff. Also, note the variance of local provisions which may be superseded by the new regulation when it comes into force in May next year.
Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal data that you control. Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps. Here are some steps you can take today:
1. Review your survey program
2. Review your process documentation
3. Ensure you have a lawful basis for holding and/or processing the data
Stay informed: Stay abreast of updated regulatory guidance as it is issued.
We will keep close to the new legislation as its implementation by the ICO develops, and will keep our customers informed throughout this process.
Copyright Customer Thermometer 2017. This information is provided for customer guideline purposes only and should not be relied on for any reason. It is subject to change or removal without notice.