Booqable and the GDPR
Herman de Bruine
Product Owner & Customer Success


We’ve updated our Terms and Conditions and Privacy Policy in preparation for the General Data Protection Regulation (GDPR). The GDPR raises the bar for how companies use and protect EU citizens’ data. Companies with any relationship to EU residents are updating their policies on how personal data is obtained, used, stored, and deleted. It will take effect from May 25th.


How can I honor my customers’ requests around their personal data?

Under the GDPR, EU citizens have certain rights concerning their own personal data. Booqable offers you tools and methods that allow you to easily access, change, remove and delete that data at your customer’s request.

Let’s take a closer look at how Booqable helps you honor these rights.


Right to be forgotten

When a customer requests removal from the system, we recommend a procedure like this:

  • View the customer you want to forget,

  • Obscure/garble the customer name,

  • Delete email addresses, address information and other fields like this.

This process effectively erases the customer’s personal data from Booqable. It’s a manual procedure, but it’s likely that this is going to be an infrequent request.

Note that these steps don’t change information on existing documents you may need to keep for legal obligations (like invoices).

Right of access

Your customers may contact you to request access to information you keep about them. You’re able to do a quick search for your customer in the Orders, Customers and Documents sections of Booqable and export relevant information to help you construct your response to your customer.

Data portability

Much like the right of access, you can run a search on your customers, export the data and hand it over to them however you choose.


FAQ

Is Booqable GDPR compliant?

We have made improvements to Booqable so that you, as a controller, can feel completely assured that you meet your obligations under the GDPR when using Booqable.

That said, because the GDPR is a brand new and very comprehensive regulation, no vendor can at this point legitimately declare that they are GDPR compliant, as there doesn’t seem to be a certification method that assures you are compliant. If your company serves EU citizens, you’ll need to make a good-faith effort to be compliant, keeping a close eye on its developments and adapting to them.

Can I still use Booqable if I have customers in the EU?

Absolutely! Understanding what specific rights data subjects have to their personal data, and how to comply with them as a Data Controller, is key to your ability to meet the requirements of the GDPR. Booqable will be acting as a Data Processor for your customers’ data and provides means to help you comply with all of your data subjects’ rights.

If I’m outside of the EU, am I affected by GDPR?

Most likely so. Whether you’re based in the EU or not, it is hard to be sure that you’ll never process an EU citizen’s data.

Where is my data stored?

Booqable’s production data is stored within state-of-the-art data centers located in the US. If you serve customers in the EU or are located in the EU, our Data Processing Agreement (DPA) is available to sign upon request.


Disclaimer

The information in this post is provided for informational purposes only and should not be treated as legal advice. To determine precisely how the GDPR may or may not apply to you, you should work closely with legal and other professional counsel.
