After 2018-05-25 it's mandatory for companies with customers within the EU to comply with the General Data Protection Regulation (GDPR).

It is up to the company that is data responsible (you) to document compliance, but as a service to you as a customer we have chosen to offer the following assistance.

The only change you will see in our services is that the Terms of Sale (TOS) will be more visible to your customers, as they have to actively comply with these. It's in your own interest to see to it that your TOS are fully updated prior to May 25th. Just send the updated version to Support and they'll update them in your online booking.

What is this GDPR all about?

The GDPR is all about securing some form of privacy for you and me, and that puts some restraints on what data companies can handle and how they can handle it. Here you get four main areas in bullet form, and then it's up to you to take over from there.

Primary questions and user rights

Legal grounds for lawful processing of data

Companies are often confused about this part and therefore seek consent, which is only one of six legal grounds for data processing, and the least attractive for the company (and sometimes even for the customer).

So let us establish a fact: You do NOT need consent if you fall under ANY of the other 5 legal grounds!

These are the 6 legal grounds, ordered by relevance for the vast majority of our users:

  1. Contractual necessity
  2. Legal obligations
  3. Legitimate interests
  4. Consent (usually only for unrelated marketing and in these cases only for sending and not for the actual data processed under one of the above grounds)
  5. Public interests (not relevant)
  6. Vital interests (not relevant)

Please find more detailed information elsewhere

What data are we talking about?

For most companies the GDPR is talking about two kinds of data: 'Personal' and 'Special'. If you can stick to 'Personal' data it will ease your work on preparing for the GDPR.

Usually companies collect data on customers and staff, but be sure you have included all possibilities. Also note that, as a rule of thumb, all health data is considered special, and that, for instance, registering a staff member's membership of a union is considered special data.

Here follow examples of what should be Personal data (note that where marked with * it can be both, and that this doesn't consider compliance with other regulations!)

Where do you store/use data?

The fewer places you store data, the easier it is to keep it under control.

Who is handling your data?

Make a list of everybody with access to your data.

DISCLAIMER

This article comes with absolutely no guarantee it's either correct or complete or in any way related to your business.

Always seek professional legal assistance on this topic.