In recent months, there’s been a lot of discussion around GDPR. The various articles and videos you will have seen have been very much centered on what businesses are required to change in order to be GDPR compliant; you may even have seen our own take on what retailers need to know about GDPR.
As a service provider, it’s important that we help our customers in their preparations for GDPR, so in this article, we’re tackling an important question that our own customers have had for us – what is Brightpearl doing in response to GDPR?
But first, let’s ensure we’re all on the same page as to what GDPR actually is.
The General Data Protection Regulation (GDPR) is a new European privacy regulation which replaces the current EU Data Protection Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and standardizes EU data protection law. It applies to any organization operating in the EU or processing the personal data of EU residents.
One of the key aspects of the GDPR is that it creates consistency across the EU for how personal data can be processed, used, and exchanged securely. Organizations need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
We’re committed to being GDPR compliant before the effective date of May 25, 2018. This means we’ll be making changes to both the SaaS product we provide and to our internal business tools and processes.
We’ve carried out a thorough analysis of our software, as we process data on behalf of our customers. We know that you’re all carrying out similar analyses of your tools and systems, so we’re making changes to Brightpearl to support you through your own compliance activities in our role as data processor.
A key change under GDPR’s ‘Right to access’ is that data controllers are required to provide a copy of a data subject’s personal data on request. Brightpearl will be updated to allow merchants to very easily download a customer’s data in just a few clicks.
Another significant change is the ‘Right to be forgotten’, also known as data erasure. This entitles the data subject (i.e. consumer) to have the data controller erase his or her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data as well. Brightpearl allows you to forget a contact, again with just a few clicks.
We’ve also conducted an analysis of the tools and systems we use to do business, and are making further changes to ensure we’re compliant in our role as data controller, according to the principles contained in Article 5:
And we now have new features in Brightpearl:
To stay informed of more product changes being implemented, keep an eye on upcoming release notes.