GDPR

Data Protection and our Commitment to GDPR

Plan Your Website is fully committed to being compliant with GDPR.
We promise to safeguard your data.

Benefits of GDPR
To strengthen an individual’s rights to privacy, the European Union brought about the General Data Protection Regulation or GDPR. Fortifying existing directives on data protection, the GDPR defines guidelines for businesses collecting, storing and processing personal data. The regulation issued by the European Union applies to businesses processing personal data of European residents, and has an enforcement deadline of May 2018.

REFERENCE

A comprehensive overview of key elements of the GDPR.

REGULATION

The official General Data Protection Regulation document.

The regulation encompasses steps to be taken in all areas of protecting an individual’s privacy — setting up security mechanisms, compliance, repercussions of breach and more. Non-compliance beyond the enforcement date is liable to attract heavy penalties.
Committed to protecting our customers' personal data, Plan Your Website is here to help customers and end-users understand the significance of the GDPR, its requirements and our commitment to comply with global standards.
Our GDPR compliance practices are supported by 3 principles:

VALUE

Deliver business value by optimizing service efficiency with secure and scalable systems for collecting, storing and processing data.

COLLABORATION

Increase customer and partner awareness on regulation requirements, ensuring consistent application of data protection measures.

CONTINUITY

Drive business performance through continuous improvement, best practices and innovation.

Frequently Asked Questions

What is Personal data?

Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, email address or location, and also online identifiers like IP address, types of website cookies and other device identifiers.
For example: support tickets carrying personal data like name, location and social identity, recorded in order to resolve an individual’s support requests; CRM software collecting online identifiers to learn about prospect activity on the company website/product.

Who are data controllers, processors and sub-processors?

A data controller is an entity/person that determines the purposes and means of processing the personal data of an EU resident. For example, Plan Your Website is a data processor and Plan Your Website’s customers are controllers of the EU resident’s data.
The GDPR applies to both data controllers and processors. Controllers collect data from the end-user, that is the EU resident, for purposes clearly stated and with appropriate consent. Data processors provide services to the controller in accordance with each controller’s instructions. Processors also use the data collected to perform benchmarking analysis, so that they can sell further services allowing controllers to compare their data to industry averages.
Another category, sub-processors (third-party businesses performing data processing for other companies), is also accountable for the protection of personal data under the GDPR.

Does the GDPR require EU data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on the transfer of personal data outside the EU.
Data transfers from the EU to outside can be legitimized in many ways, including:
EU-US Privacy Shield
Model or Contractual Clauses
Binding Corporate Rules (BCR)

How does my business benefit by complying with the GDPR?

The GDPR helps restore consumer trust by acting as a central authority governing rules of data protection and rights across the EU. The new law allows businesses to undertake opportunities in the digital market while protecting an individual’s fundamental rights.
Businesses can capitalize on opportunities through:
Cost savings and less complicated policy management by dealing with 1 law, not 28, instead of the expense and effort of dealing with each member state’s regulations locally.
Consistency in the practice of data protection measures both in and outside the EU, because the same regulation applies to all businesses, regardless of where they are based.
A regulatory environment in which innovation can flourish.

What are the key changes from the previous regulations?

New & enhanced rights for data subjects – This law gives an individual the right to exercise complete authority over their personal data. Some of the rights highlighted in the regulation are:
Explicit consent: Data subjects must be informed about how their personal data will be processed. Organizations must make it as easy for data subjects to withdraw their consent as it is to grant it.
Right to access: At any point in time, the data subject can ask the controller what personal data is being stored or retained about him/her.
Right to be forgotten: The data subject can request the controller to remove their personal information from the controller’s systems.
Data portability: The controller must be able to provide data subjects with a copy of their personal data in machine-readable format. If possible, they must be able to transfer the data to another controller.
Obligations of the processors – GDPR has raised the bar for the responsibilities and liabilities of data processors as well. Processors must be able to demonstrate compliance with the GDPR and they must follow the data controller’s instructions.
Data Protection Officer – Organizations may need to appoint a staff member or external service provider who is responsible for overseeing GDPR, general privacy management compliance and data protection practices.
Privacy Impact Assessments (PIA) – Organizations must conduct privacy impact assessments of their large-scale data processing to minimize the risks and identify measures to mitigate them.
Breach notification – Controllers must notify the stakeholders (the supervisory authority, and where applicable, the data subjects) within 72 hours of becoming aware of a breach.

What is personal data or Personally Identifiable Information (PII)?

Any information relating to an identified or identifiable natural person. The identifiers are classified into two types: direct (e.g., name, email, phone number, etc.) and indirect (e.g., date of birth, gender, etc.).

Where is my data located?

All customer data held by Plan Your Website is located in a US data centre operated by our backend provider, Zoho.com.
Plan Your Website utilises several external agencies to handle and process all of our data and payment services.
Each company will have its own respective guidelines and legal mandates in place by May 2018. Plan Your Website doesn’t store any customer data on our own servers, and thus any breaches fall under the onus of our respective suppliers.
Our respective backend suppliers:
Zoho
Stripe
GoCardless