WeConvene and GDPR
The EU General Data Protection Regulation (GDPR), will set a new standard for how companies use and protect EU citizens’ personal data. In-line with our ongoing commitment to data privacy and security we have spent the past couple of months analysing what GDPR means for us and defining the changes we need to make as part of our roadmap to compliance.
These changes are a large undertaking and touch nearly the whole of the WeConvene application so this is now a key development focus for us in the lead-up to the regulations coming into effect on May 25th 2018. And although GDPR is an EU regulation we will implement the policies for all our global users, as we believe the regulations represent best practice with regard to data protection.
There are three main concepts within the regulations that we feel are particularly relevant to us here at WeConvene and it is in these areas where we are focusing our compliance efforts:
- Data controller - The organization or individual that determines the purpose and manner of the data processing.
- Data processor - The organization or individual that processes data on behalf of the data controller.
- Data subject - This is a living individual who the personal data is about.
WeConvene is both a Data Controller and also a Data Processor and in order to comply with specific responsibilities for each, we are making changes to our documentation, internal processes, how we capture and store data and most importantly, our ability to ensure personal data is non-identifiable.
WeConvene as “Data Controller”
For our users WeConvene is the “Data Controller” as we have a direct relationship with the “data subject” and as a “Data Controller” we are specifically making changes in the following areas:
- Updates to our terms of service, privacy statement and security policy to reflect upgrades to our internal processes and systems. Our goal is to ensure that our users are fully aware of their rights with regard to the collection and use of their personal data e.g. How long we keep data, what data we keep, who we share data with and for what purpose.
- Enhancements to our onboarding process, so that users only receive communications from WeConvene once they opt-in.
- Addition of a ‘Manage my preferences’ section for all registered users to manage their communication preferences at any time.
- Review of the 3rd party service providers that we use to enhance the WeConvene user experience (live chat, customer support systems etc.) to ensure that they are also implementing GDPR friendly policies and systems.
- Changes to our internal system processes that give us the ability to process any client requests for personal data retrieval or removal.
WeConvene as a “Data Processor”
WeConvene also processes data on behalf of “data controllers”, where we may not have a direct relationship with the “data subject”. An example of this would be an Investor Relations user uploading their investor list onto WeConvene - here WeConvene is the “Data Processor” and for this scenario we are specifically engaging in the following:
- Checks on our internal processes and user facing systems to confirm that in all cases we only process data as instructed by the data controllers and ensure we have the appropriate technical and organisational measures to comply with the regulations.
- Updates to our internal system infrastructure so we have the ability to process any request from the data controller on behalf of their clients.
- Analyzing our use of other data processes and ensuring that we submit to the specific conditions for using these other processors.
GDPR will result in significant changes to the data privacy landscape and we are taking very seriously the responsibilities we have regarding the correct use of our users data and are dedicating significant resources to ensure we have best practice standards in place for when the regulations come into effect. If you would like more information or have follow-up questions please reach out to us at firstname.lastname@example.org
WeConvene is a global, independently owned web-based platform that automates corporate access consumption and evaluation for the investment community. Events large and small directly impact investment strategies and WeConvene provides value to buy-side, sell-side and corporate organizations by enabling efficient discovery, booking and tracking of meetings. To learn more, visit us at www.weconvene.com or request a demo.
More News & Resources
How to Manage Complex Events the Easy Way
Putting together an event schedule is always a time consuming process. Aligning meeting participant’s availability; deciding locations; making sure meeting rooms are available; factoring in travel time and then trying to get the right investors into meetings is rarely a straightforward process. But after speaking with hundreds of event organizers across the corporate access and investor relations space, two types of events are specifically highlighted as causing a scheduling headache:
The Unsustainable Mismatch in Pricing for Corporate Access
The operating model for Corporate Access delivery has remained relatively unchanged since its inception as a service, but post-MiFID II the traditional providers of corporate access (the sell side) are realizing they need to perform a radical review of their corporate access offerings to ensure the business remains viable and sustainable. This will have far reaching implications for the entire corporate access ecosystem and result in it looking very different in 12-18 months time - something that will also have a significant knock-on effect for Investor Relations (IR) teams.
Bloomberg and WeConvene Announce New Partnership
Today, Bloomberg and WeConvene announced plans to centralize corporate access events on the Bloomberg Professional service. By partnering with WeConvene, a provider of web-based tools that streamline the corporate access process for the global investment community, Bloomberg will distribute events on a permissioned basis to its network of investment professionals.
MiFID II: The New Reality for Investor Relations
A tremendous amount of work has been done on both the buy and sell side, quantifying, implementing and testing new technology and processes in an effort to comply with the MiFID II regulatory requirements. One group of MiFID II stakeholders however, still seems to have its collective head in the sand: Investor Relations Teams. In this whitepaper we examine the new reality of a post-MiFID II world for Investor Relations teams and what they need to prepare for.