What is GDPR?
The General Data Protection Regulation (GDPR) is the European Union's (EU) legal framework for new data protection laws. These laws came into effect on May 25, 2018. The goal of this new regulation is to protect the data privacy and rights of EU citizens by setting guidelines for companies on how they can use and process personal data.
Does GDPR apply to my business?
Since GDPR is an EU framework, all businesses based in the EU will have to be GDPR compliant. But the framework is far-reaching and affects firms outside the EU as well. If you are collecting, recording, storing, using or processing personal data from customers who are EU citizens, then you will need to be GDPR compliant.
We would highly recommend consulting with your legal counsel about the full scope of GDPR and how it affects your business.
How is PushOwl GDPR-compliant?
We value the privacy & rights of our users and their customers. As part of our process for being GDPR compliant, we have reviewed and updated our internal systems, processes, database, and documentation.
These are the steps that PushOwl has taken in order to be ready for GDPR:
Updated our Data Processing Agreement (DPA) to meet the requirements of the GDPR. You can lawfully transfer personal data from the EU to PushOwl, and we can continually receive and process this data. (Available on request)
Reviewed and updated our third-party vendor contracts to ensure that they are GDPR ready. This will allow us to lawfully transfer EU personal data to those third parties and permit those third parties to receive and process that data on our behalf.
Implemented Shopify's mandatory webhooks concerning the redaction of your data in line with the GDPR laws. Data will be redacted following Shopify's Policies.
Trained our team so that they are aware of GDPR and the requirements of its laws. Moving forward, we will be developing our product and business strategy with the new laws in mind.
Created new features and improved existing ones, which allow you to get consent to show the browser prompt. This is important to get subscribers.
Created new features to give you more control over what personal data you want to collect.
The ability to export subscriber data is enabled across all plans. Using FCM keys till May 31st 2019 and using VAPID protocol after this date.
Features to Ensure GDPR Compliance
According to GDPR, PushOwl is classified as a 'Data Processor.' In other words, PushOwl processes the data of the visitors who subscribe to your store for web push notifications, including both personal and non-personal data.
When creating or editing your privacy policy, you need to disclose that your customers' data is being shared with PushOwl to send personalised web push notifications, including what information is being collected.
On the 'Widgets' tab, you can now enable a 2-step opt-in process for your visitors by writing a GDPR-compliant message about subscribing to push notifications.
A new 'Privacy' tab on the Settings page is dedicated to giving you control over the data you want to collect and allow PushOwl to process on your subscribers’ behalf. You can find a detailed explanation of the ‘Privacy’ tab here.
Note: This document should not be understood as legal advice. Please get professional guidance from your legal counsel on how GDPR impacts your business and what is required for you to be compliant with the new rules.