GDPR compliance

Thomas Serafini

Hello,

are you planning to make the system (the sign up forms in particular) GDPR compliant? GDPR is the new European Privacy regulation.

Completed

Official comment


Edit Jan. 17, 2018:

Please see our GDPR, Privacy Shield and ONTRAPORT page.

Our Privacy Policy and Terms of Service now include GDPR and Privacy Shield items indicated.

Our article ONTRAPORT and the GDPR may be helpful to show how to accomplish recommendations you receive from your attorney regarding compliance.

------------------------------------------------------------------------------------------------

As far as we can tell, all the new requirements on EU businesses are easily handled with the tools already available in ONTRAPORT (consent requests, tracking of responses, opt-out requests, data delivery requests, etc.). The only requirement that will require some help from ONTRAPORT is the legal agreement between ONTRAPORT and you, which we'll make available before the deadline next May.

As a company that stores your customers' credit data, we are already held to a very (very) high security standard, and it's virtually impossible to imagine that they'll be asking for providers to do more than we already do.

...Although if they did, we'd love it - we've been working on security for years, and stiff new requirements would put virtually all our competition out of business in the EU. 

Landon Ray


5 comments


Hi, would you be able to provide details of any official security standards you adhere to/are a member of that we can use in communications regarding GDPR as soon as possible please?

Very many thanks

Tamsen Garrie 0 votes

No, we will only be providing the information we have to provide, which to our understanding is the legal agreement between you and ONTRAPORT. We will have an update on our security level in a month or two, and you can compile that if you need to. 

Frank Hagan 0 votes

Hi,

You're saying:

As far as we can tell, all the new requirements on EU businesses are easily handled with the tools already available in ONTRAPORT

In this case, could you provide me with an easy solution to store a GDPR-compliant proof of consent in ONTRAPORT? And something that can be EASILY extracted in case of an audit.

Here is what to store for EACH form submitted:

1. Who -> Name, Email
2. When -> Date
3. How -> Name of form
4. What we have told the customer at the moment they consent -> screen of form, PDF of terms (the version at the time they consent)

It's more the last point I struggle with...
And a way to quickly and easily extract these data.

In my opinion, Ontraport is compliant.
But it's a REALLY BIG CHALLENGE to implement a compliant GDPR process...
It's absolutely not as easy as you said.

Or maybe you have a solution for me?
Because in the case of an audit... I think I'd have 1 or 2 months of full-time work to extract clear data... And at this time, my proof of consent is not compliant (because point 4 is missing).

Damien Pugin 0 votes

The Contact Record will record the opt-in form in the Contact Log as one of the first entries with a date and time stamp. The System Information tab will also show the date they were added, and the IP address they joined from if available.

We are not lawyers so we can't tell you if this information will satisfy your local enforcement agency's requirements. Check with them and see if that information is sufficient for the first three items in your list.

You will have to find out if standard version control information for your Privacy Policy is sufficient when cross-referenced with the date of opt-in. We cannot tell you if that will work, but if it is sufficient for your local agency, then you could implement version control for the necessary notifications on your website. Here is an article about using GitHub for version control. The article is from 2009, so it is not a new concept. There are commercial packages that maintain versions of your pages that might be easier to implement. You will have to find out which solution satisfies the requirements for GDPR.

ONTRAPORT also includes a feature called the Filebox in each Contact Record on the Notes and Tasks tab. You can store files that are unique to that contact in the Filebox. Files in the Filebox can be sent as file attachments on email messages only to that Contact. The Filebox records the date and time the file was added. We don't know if that would satisfy the requirements or not, so check with your attorney or local jurisdiction.

Frank Hagan 0 votes