Back to Blog

GDPR – Basic info

January 2, 2018 | Vladimír Šandera | | Smartlook

GDPR (or the General Data Protection Regulation) is a new directive from the EU that affects how companies collect and process their customers’ personal data. GDPR will come into effect on May 25, 2018, by which point all businesses in the EU have to become compliant. This article covers the steps we are taking in order to comply with GDPR rules and will hopefully answer any questions you might have.

As Smartlook is located in the EU, we will be (and have to be) compliant with GDPR by May 2018. All of our data is stored on servers in the EU, and majority of our customers are located in the EU, so we are fully focused on being GDPR compliant. GDPR’s main purpose is to standardize personal data processing and privacy protection across EU member states, but many of the points GDPR raises are actually already in place in some EU countries. And Smartlook already offers tools to enhance the protection of customer data, as covered in our help section: Data security & legal info

If you have any questions about GDPR itself, you can find out detailed info here. It’s especially useful to read through the FAQ and see what constitutes personal data under GDPR. There are many other topics covered, as well.

What Is Smartlook Doing to Prepare for GDPR?

We are already consulting with GDPR lawyers, and we’ve taken the first steps to become GDPR compliant. Here’s a list of things we are working on, all of which will be done before GDPR comes into effect:

  • An internal audit of how we handle the personal data of our customers and their customers — the audit will cover in detail what kind of personal data we process, where that data is stored, and what employees have access to it
  • An update of our Privacy Policy and Terms & Conditions
  • A new interface to enable you (our customer) to list all the personal data we store about your customer XYZ (for example), in case customer XYZ will ask you to tell them what personal data you have stored about them — you will also be able to delete this data in case customer XYZ asks you to
  • Further necessary adjustments to Smartlook so it fully complies with GDPR

Does GDPR Apply to My Use of Smartlook?

GDPR affects all businesses and entities in EU that process or store personal data. So the answer to that question depends on whether you use Smartlook to collect personal data of your visitors or customers.

Your use of Smartlook only falls under GDPR if you track personal data using Smartlook. To be more specific, GDPR applies to you if you can answer “yes” to at least one of the following points:

  • You record forms in which your customers fill in personal data, like their name or email address
  • You do NOT anonymize the IP addresses of visitors
  • You use our visitor info API or integrations
  • You display personal data of users somewhere on your website or inside your product, and this personal data is then captured by Smartlook

Even if you answer yes to all points above, your use of Smartlook is still completely legal under GDPR. In other words, you can use Smartlook and collect personal data via Smartlook and be GDPR compliant. If you do collect the personal data of your customers with Smartlook, you need to make sure you take the steps described below.

What Steps Do I Need to Take as a Smartlook Customer?

The first thing you should do is notify your customers and visitors that their personal data might be processed by third parties, including Smartlook. You can find the text we recommend you add to your privacy policy in our help section.

GDPR sets a new legal structure for personal data governance. From a legal point of view, you are a Data Controller of any and all personal data of your customers or visitors, and Smartlook is a Data Processor of that data on your behalf. This means that you collect your customers’ personal data and are responsible for it. By using Smartlook, you pass that personal data to us for processing, but you are still the “controller” of that data. You should update your Privacy Policy and Terms & Conditions to reflect this. You can find more info on Data Controllers and Data Processors here.

When GDPR comes into effect, you will be obligated to show your customers what kind of personal data you collect about them if they ask. As mentioned above, we are preparing an interface where you will be able to pull the data we collect about each individual customer of yours, and you will be able to delete this data in case your customer requests it.

We recommend you consult GDPR with a lawyer in your country to make sure you are compliant. For any legal questions regarding GDPR in connection to Smartlook, or if you believe some information in this article is incomplete or incorrect, you can contact me at vladimir@smartlook.com

Discussion