inSided is GDPR Compliant

You have probably received an absolute ton of GDPR-related emails from other vendors, and that’s a good thing. Your data should be a priority, and we would like to tell you more about the steps we have taken at inSided to ensure that every individual’s data is safe, and that all rights concerning their control over that data are correctly upheld.

inSided has always made privacy & security a priority. Our platform is fully aimed at making sure end users are able to exchange knowledge amongst each other, without having to worry about their privacy or personal data. It’s about helping each other out, not getting caught out. So, we have provided a number of features and changes to make sure our customers can comply with the GDPR.

What is the GDPR?

The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens’ data. The regulation took effect on May 25th, 2018. The GDPR speaks about ‘data subjects’ (end users), ‘data controllers’ (our customers) and a ‘data processor’ (inSided). We will further use this terminology to explain each party’s individual rights & responsibilities when applicable.

The right to erasure (or ‘right to be forgotten’)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her. (More info)

We have made a ‘user erasure’ feature available to all of our customers. This feature is available in the backend environment of our platform, and through our API. Basically, this feature enables a data subject or data controller to render personal data (e.g. a profile picture, private messages, and the position on leaderboards) inaccessible and unusable for all relevant parties. Data records will be anonymized irreversibly.

The right of data access and data portability & right to rectification

The data subject shall have the right to receive/view the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. (More info)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. (More info)

The data subject can contact the data controller to request insight into – or the correction of – their personal data. The data controller would then be able to use our API or backend environment to make changes or update data.

What about cookies?

The fact that end users are using our web pages does not mean they automatically consent to all cookies and/or tracking. We have therefore included a default cookie consent form in our platform. This gives the end user a choice, in line with the GDPR's requirement that consent to cookies be given through a clear affirmative action. An example of a clear affirmative action would be clicking on an opt-in box, or adjusting settings in your profile page.

We now support 3 levels of cookies: basic, normal and complete. End users can now choose to which level of cookies they want to give consent. Settings can be readjusted later by updating their profile settings.

Final words

GDPR also stipulates the need for a Data Processing Agreement (DPA) between the controllers (our customers) and the processor (inSided). Most companies have one available, and we can help to finalize the agreement.

inSided’s data policy is compliant with the GDPR, which sets out the protection of individuals’ fundamental human rights to privacy with regard to the processing of personal data and the free movement of such data. Each of our customers is able to create its own conditions to which the end user consents. inSided wants to make sure our customers can provide their end users with the right privacy settings, terms and conditions. Privacy options are available to the end user to ensure safe usage of the inSided platform.