#

GDPR

Your data is critical to your business, so it is essential that you are in control of it. You choose what data your business shares with Pabau based on the products and features you use.

Introduction

- Our commitment to GDPR -

We are working hard to prepare for the EU's General Data Protection Regulation (GDPR). Keeping users information safe and secure is among our highest priorities at Pabau. Over the years, we have spent a lot of time working closely with Data Protection Authorities in Europe, and we have already implemented strong privacy protections that reflect their guidance. We are committed to complying with the new legislation and will collaborate with partners throughout this process.

Shared responsibility

If you would like to read the full copy of the regulation, you can find it here.

GDPR (General Data Protection Regulation) is all about joint responsibility. As the name suggests, you as the controller determine what you do with the personal data that you collect and how it is processed. As the processor of that data, Pabau is responsible to protect the collected information and provide the processing that you, the controller, will require.

Preparing for the change

We understand the GDPR will mean extra work for us. However, an updated data protection legislation is long overdue and we believe that the new regulation is a common sense revision to rights and protections that all of us would want for ourselves and our families.

The Information Commissioner’s Office (ICO) has published a helpful guide that outlines the steps that businesses like Pabau should go through to ensure that they are fully prepared for the GDPR coming into action in May 2018. Below, we will list some of the most important ones:

  • Data breaching preparations - Dealing with a data breach is not a pleasant thing. We are undergoing penetration testing in order to detect, investigate and report a possibility of data breach.
  • Rectification of data - Clients must have the ability to amend/change inaccurate or incomplete information that a clinic is holding about them. Besides this, they will have to know if their information has being shared with another organisation.
  • Access - Building on the step above, the clients should be provided with access to their personal data if they request it. Therefore, our job is to explain how the data is being processed in a non-technical and easy to understand terms.
  • Objections - Clients will need to be informed that they have the full right to object to their data being processed in any way. Direct marketing and research included.
  • Approaches to consent - What is being done with the client data must always have a legal justification in the form of a legal document. Pabau will always be clear on how it is obtaining consent and the reason behind it.

Here is what we have been doing at Pabau in order to achieve compliancy:

  • Email encryption - we are using a provider Mandrill who is GDPR compliant, and who also enforces encryption upon email send. You will also notice the 'Sensitive Data' feature found when sending an email.
  • Audit Logs - we are slowly rolling out audit logs across the entire platform, whilst this is not a certain requirement, it is something that will allow for better transparency further down the line.
  • Sharing - any email that is sent or shared via Pabau can be seen under the communications tab (3rd parties are now included).
  • Data File Request - we have introduced procedures in order for us to be able to cope with a data file request.
  • Consent - We introduced a feature into step 1 of the paperless app which allows clients to withdraw consent. You will notice you can also withdraw consent via the client card. *Update* We have plans to add in further opt out rules in ALL emails.
  • Data Breach - Our staff know how to escalate a security incident to the appropriate person or team in our organisation to determine whether a breach has occurred.
  • Our Partners - we have reviewed our partners and ensured that all suppliers which are handling data are also compliant with GDPR.
  • Appointed DPO - We have appointed a data protection officer at Pabau.
  • Lead API - You can use our Lead API for your inbound website enquiries, ensuring the below point is true.
  • EU Hosted - we guarantee that data does not transfer outside the EU nless the trnasfer complies with chapter V of the GPDR.
.. to be continued

Why Not Speak to One of Our Team?

Sometimes it's just easier to talk about things

Or Call 020 3475 2900

Pick Another Feature

We'll set up a personalized demo just for you.

Need help...Please get in touch with us

  • Call Us Now : 020 3475 2900