Hopefully you have heard of the General Data Protection Regulation (GDPR) by now. For those who haven’t, GDPR is a major update to our data protection laws that we explored in a previous blog post. We’ve been reviewing and updating our internal data processes and systems to make sure we’re ready for the May deadline.
As Commonplace moves into 2018, our preparation efforts are ongoing and will continue over the next few months. But we’ve already made a lot of progress. We’re committed to achieving compliance with the GDPR, and we will help our customers do the same.
We've redesigned the way respondents comment and contribute to a Commonplace to make it really clear what data is being collected, why that data is needed, who will see the data and what the project teams are going to be doing with it.
We make it clear who will see the data
Respondents no longer have to sign up before commenting, but we do collect demographics about people who add new comments or agree with existing ones.
The first time you add or agree with a comment we list the various organisations who will have access to your data and the role they have in the engagement process.
We make it clear why the data is being collected
The demographic information form now provides an explanation of why each piece of data is being collected and its relevance to the engagement process.
We make it clear how and when respondents can be contacted by the engagement teams
We provide a selection of granular communication consent options for reaching out to respondents, providing feedback and regular news updates.
The consent is now really clear and unambiguous without being overwhelming.