On 25th May 2018 the EU General Data Protection Regulation (GDPR) legislation will come into force. This new legislation enhances and extends the existing Data Protection Act and is designed to safeguard personal data and give individuals new rights over how their personal data is collected and processed. Geckoboard is already compliant with many aspects of GDPR legislation and we will be fully compliant by the time the legislation comes into force. You can read more about GDPR on a dedicated section of the UK's Information Commissioner's Office website.
Further updates on Geckoboard's GDPR preparations will be variously published on our website, social media and newsletters to ensure you’re kept up-to-date.
Audit, awareness and accountability
We are currently conducting an information audit to identify the data we process and how it flows through and out of the business. Once this is complete the findings will be documented with effective procedures and staff guidance in place in compliance with GDPR's accountability principle.
Some personal data is required to use the service and by signing up you are entering an agreement which gives us a lawful basis to process your personal data.
However, for other activities such as informing you about product updates, events or useful tips on using Geckoboard we are redesigning how we capture consent and allow you to change it.
Under GDPR you have explicit rights around how your personal data is managed. Geckoboard is already compliant with many aspects of this and we are currently implementing systems and process to ensure we are compliant will all aspects by the 25th May 2018 deadline. These rights include:
Right to be informed
Right of access
Under GDPR you have the right to obtain:
- Confirmation that your data is being processed;
- Access to your personal data; and
Right to rectification and data quality
You have the right to have personal data rectified if it is inaccurate or incomplete, we will be publishing our procedures once finalized.
Right to erasure including retention and disposal
You have the right to be forgotten and can request the erasure of personal data when:
- It is no longer necessary in relation to the purpose for which it was originally collected/processed;
- You withdraw consent;
- You object to the processing and there is no overriding legitimate interest for continuing the processing;
- It was unlawfully processed (ie otherwise in breach of the GDPR);
- It has to be erased in order to comply with a legal obligation; or
- It is processed in relation to the offer of information society services to a child.
At Geckoboard we constantly evaluate potential threats to your personal data and act accordingly to understand and eliminate any risks to your personal data. This involves both technological and business process policies, including breach notices to both the ICO and with our customers, which are constantly under review.
As part of the information flow audit, we are additionally seeking assurances from partners based outside of the European Economic Area to ensure any personal data that is transferred to them is covered by adequate levels of protection for example under the EU-U.S. Privacy Shield Framework.
While we trade under the name "Geckoboard", our legal entity is called "Datachoice Solutions Ltd". As we're based in London, UK, in matters of Data Privacy and Protection Datachoice Solutions Ltd answer to the UK Information Commissioner’s Office (ICO). We register annually with the ICO under agreement number Z2476079.
Our nominated Data Protection Officer is our CEO, Paul Joyce.
If you ever want to contact us about how your data is handled then please send us an email to firstname.lastname@example.org and we'll get back to you.