Starting on 25 May 2018, the EU General Data Protection Regulation (GDPR) will become effective across all European Union member states. The GDPR is the biggest reform in data protection legislation in the past 20 years, and creates new responsibilities for how businesses (like you) and data processors (like us) handle personal data. You can find more information at https://www.eugdpr.org/the-regulation.html
DoTimely has always maintained a policy of respect for our users' data, and we do not sell data to any third parties.
Does the GDPR affect my business?
Any organization with a presence in an EU country, or any company that processes personal data of EU residents and citizens, will be impacted by this regulation.
Does it impact small businesses too?
Yes! Any business that processes the personal data of EU citizens and residents must comply with the GDPR.
Where Is Your Data Stored?
DoTimely stores all data in servers and backup servers located in the United States. Identifiable consumer data will be removed if requested by the consumer and approved by you, the customer.
- GDPR gives your clients greater control over their personal data, including the rights of access, correction, portability, and erasure.
- The GDPR requires you to report certain personal data breaches to the relevant authority and inform individuals as necessary.
What More You Can Do
We recommend you research appropriate guideline documents and consult with a lawyer or advisor as you deem appropriate for your business.
DoTimely is working towards ensuring GDPR compliance; this does not automatically make your business compliant.
As a business owner, here are some additional steps you can take to become GDPR compliant:
- Contact any suppliers or other technology companies you work with that handle your customers' data, and make sure they are GDPR compliant or are taking steps towards becoming so.
- Review the permission levels of each of your staff members on DoTimely, and make sure that customer data is accessible only as necessary. The default permissions in the system are restrictive, and staff can only access the data for the customers they need to provide service to.
- Inform your staff about the upcoming regulation. An overarching theme of the GDPR is that customer data may only be used to the minimum extent necessary, so make sure your staff do not use customer data inappropriately.
- Carry out a review of how you are currently handling personal customer data, and note down what changes will need to be made in order to comply with the new standards.
- Understand where customer data is stored in any system, and be ready to respond to requests for data access or rectification. This includes spreadsheets, Word documents, Google Docs, etc.
- Keep a record of the steps you have taken towards meeting GDPR requirements, and make sure you share your processes with your users in writing.
- Use the Client Policy feature so your clients understand the information you are collecting and how you will use it.
What emails are considered operational, i.e. ones clients cannot opt out of?
DoTimely does not validate the information you enter for clients, so there is no requirement to store actual email addresses. If an actual email address is entered into the system, then the following emails cannot be opted out of:
- Appointment Request Acceptance
- New Invoice
- Invoice Past Due Reminder
- Forgot Password
- Payment Failed Notification
Can I review data erasure requests before they are processed?
As the data controller, it is ultimately your responsibility to determine whether to honor a request to be forgotten. You will be responsible for approving or denying any erasure request submitted for your business. Some things to consider before making a decision on the requests are unpaid visits or invoices, upcoming appointments, package or account balance, etc.
What are some of the common types of data the system users save in DoTimely?
All data entered into DoTimely is optional; as the data controller, you determine what data you want to store in the system. Here are some common items:
- Customers: Name, email, phone, address, photos, pet information and appointment schedule. This information is helpful for providing service to your customers. In addition to the basic contact information, you may store additional notes and access instructions.
- Staff: Name, email, pay rates, schedule
- Visit Data: Visit reports, photos, notes, comments
Consumers' right to view personal data
Consumers have access to the DoTimely web portal and mobile apps to view the data stored in the system about them. They can access their contact information and financial data as well as their visit schedules and reports.
If you have specific questions, please contact us at firstname.lastname@example.org with a subject line starting with GDPR.