Customer Thermometer GDPR Compliance Statement and FAQ
Last updated: 11 May 2018
Customer Thermometer GDPR Compliance Statement: information for our customers and prospective customers
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation which will come into force in May 2018. It builds on existing data protection laws, strengthening the rights that EU individuals have over their personal data, and creating a single data protection approach across Europe.
Customer Thermometer, as the data processor, is committed in the delivery of our services to our customers to comply with GDPR from when it comes into force on 25th May 2018, working in conjunction with our customers as the data controllers.
What are we doing?
Customer Thermometer welcomes GDPR and the strong data protection and security principles that it enshrines, many of which Customer Thermometer put in place long before the GDPR was mooted.
Similar to existing legal requirements, compliance with the GDPR requires a partnership between Customer Thermometer and our customers in their use of our software.
Our GDPR preparation started in June 2017, and as part of this process we have been reviewing (and updating where necessary) all of our internal processes, procedures, data systems, and documentation to ensure that we are ready when GDPR comes into force.
We have now:
- Updated our third-party vendor contracts to meet the requirements of GDPR in order to permit us to continue to lawfully transfer EU personal data to those third parties and permit those third parties to continue to receive and process that data;
What do you need to do?
As a current or future customer of Customer Thermometer, you are responsible (as the data controller) for ensuring your use of our services is compliant with GDPR and your policies.
Consider these tips:
Get to know GDPR: Familiarise yourself with the provisions of the regulation, particularly how it may differ from your previous data protection obligations and consider the relationships you have with both your customers and staff. Also, note the variance of local provisions which may be superseded by the new regulation.
Audit your data and processes for data capture: Consider creating an updated and precise inventory of personal data that you control. Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps. Here are some steps you can take today:
- Review your survey program
- Review your process documentation
- Ensure you have a lawful basis for holding and/or processing the data
Stay informed: Stay abreast of updated regulatory guidance as it is issued.
We will keep close to the new legislation as its implementation by the ICO develops, and will keep our customers informed throughout this process.
Copyright Customer Thermometer 2017 and 2018. This information is provided for customer guideline purposes only and should not to be relied on for any reason. It is subject to change or removal without notice.