WeConvene and GDPR
The EU General Data Protection Regulation (GDPR), will set a new standard for how companies use and protect EU citizens’ personal data. In-line with our ongoing commitment to data privacy and security we have spent the past couple of months analysing what GDPR means for us and defining the changes we need to make as part of our roadmap to compliance.
These changes are a large undertaking and touch nearly the whole of the WeConvene application so this is now a key development focus for us in the lead-up to the regulations coming into effect on May 25th 2018. And although GDPR is an EU regulation we will implement the policies for all our global users, as we believe the regulations represent best practice with regard to data protection.
There are three main concepts within the regulations that we feel are particularly relevant to us here at WeConvene and it is in these areas where we are focusing our compliance efforts:
- Data controller - The organization or individual that determines the purpose and manner of the data processing.
- Data processor - The organization or individual that processes data on behalf of the data controller.
- Data subject - This is a living individual who the personal data is about.
WeConvene is both a Data Controller and also a Data Processor and in order to comply with specific responsibilities for each, we are making changes to our documentation, internal processes, how we capture and store data and most importantly, our ability to ensure personal data is non-identifiable.
WeConvene as “Data Controller”
For our users WeConvene is the “Data Controller” as we have a direct relationship with the “data subject” and as a “Data Controller” we are specifically making changes in the following areas:
- Updates to our terms of service, privacy statement and security policy to reflect upgrades to our internal processes and systems. Our goal is to ensure that our users are fully aware of their rights with regard to the collection and use of their personal data e.g. How long we keep data, what data we keep, who we share data with and for what purpose.
- Enhancements to our onboarding process, so that users only receive communications from WeConvene once they opt-in.
- Addition of a ‘Manage my preferences’ section for all registered users to manage their communication preferences at any time.
- Review of the 3rd party service providers that we use to enhance the WeConvene user experience (live chat, customer support systems etc.) to ensure that they are also implementing GDPR friendly policies and systems.
- Changes to our internal system processes that give us the ability to process any client requests for personal data retrieval or removal.
WeConvene as a “Data Processor”
WeConvene also processes data on behalf of “data controllers”, where we may not have a direct relationship with the “data subject”. An example of this would be an Investor Relations user uploading their investor list onto WeConvene - here WeConvene is the “Data Processor” and for this scenario we are specifically engaging in the following:
- Checks on our internal processes and user facing systems to confirm that in all cases we only process data as instructed by the data controllers and ensure we have the appropriate technical and organisational measures to comply with the regulations.
- Updates to our internal system infrastructure so we have the ability to process any request from the data controller on behalf of their clients.
- Analyzing our use of other data processes and ensuring that we submit to the specific conditions for using these other processors.
GDPR will result in significant changes to the data privacy landscape and we are taking very seriously the responsibilities we have regarding the correct use of our users data and are dedicating significant resources to ensure we have best practice standards in place for when the regulations come into effect. If you would like more information or have follow-up questions please reach out to us at firstname.lastname@example.org
WeConvene is a platform for the capital markets community focused on making the creation, distribution, marketing and execution of meetings between Analysts, Corporates, Investors, IR firms, Expert Networks and Investment Banks - efficient, easy and economically viable. To learn more, visit us at www.weconvene.com or request a demo.