GDPR Updates

As you may know we are hard at work on an exciting new version of CurrentBusiness that strives to provide an even greater seamless, integrated experience to help your team work smarter and faster. That being said we have not forgotten about the General Data Protection Regulation (“GDPR”) and wanted to give you an overview of what will be happening in the next few weeks.

What is the GDPR?
On May 25, 2018, a new EU privacy regulation will come into effect called the General Data Protection Regulation. It imposes stricter requirements on businesses with regard to how they collect, store and manage personal data (e.g. name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more) of EU citizens, regardless of whether the data processing takes place in the EU or not.

We have always taken data privacy and security practices very seriously. In light of the GDPR we have reviewed our data processes and practices to ensure we will be compliant by May 25, 2018. In doing so we realized our current software license was drafted in a way that makes it very difficult to update when new legislation is passed by different regions throughout the world. In order to accommodate both the GDPR and future updates we are splitting our software license agreement into separate sections that work together and can be revised to keep with changing regulations (“Terms”).

• Customer Terms
What’s new? Replacing our Terms of Use, the new Customer Terms includes links to the Data Processing Agreement and has improved the explanation of ownership, administration and customer responsibilities. We ask you to please read the Customer Terms carefully to make yourself familiar with the new information. In particular, the Customer Terms explain what data can and perhaps more importantly, cannot be stored in CurrentBusiness.

• Data Processing Agreement
The GDPR comes into effect on May 25, 2018, and it imposes tougher obligations for organizations when handling personal data of EU citizens. Our new Data Processing Agreement explains our responsibilities as the Data Processor of the data you hold in your CurrentBusiness account and your increased responsibilities as the Data Controller.

• Privacy Agreement
Our Privacy Policy terms have been revised to comply with GDPR, and we’ve brought them in line with the style and content changes of the new Customer Terms.

• CBMAM Terms
CBMAM has always had separate terms from CurrentBusiness. Now that we are reorganizing the previous software license agreement we have the flexibility of adding a CBMAM provision without requiring a completely separate software license agreement for CBMAM customers.

What is CurrentDesk doing to prepare for the GDPR?
GDPR can seem demanding initially. The emphasis behind it is about respecting customers’ data and processing only the data necessary to deliver the service or product. We already have features in place to help you manage your customers’ data correctly. Here’s a list of some features and suggestions to help you with compliance:

Limited Third-Party Data Transfers
GDPR focuses on controlling data and limiting the amount of people that have access. CurrentBusiness now gives you the ability to define exactly which fields you want passed to the any third-party trading platform. In order to set this up simply use the new advanced setting “Trading Account Modification”. This means that moving forward only the requested data will be passed to the trading platform limiting third-party access to your data.

Data Requests
An individual may request access to the data you have stored about them in CurrentBusiness. This can be referred to as a “Subject Access Request”. We are still working on a solution that will allow you to export this information to any client. In the meantime, support can give you an export on a per request basis.

Permanently Deleting Data
Also, under the GDPR there is emphasis on the right to be forgotten, enabling an individual to request that their data be deleted. In the v2.0 version of CurrentBusiness you will be not only be able to delete a single user but will have the ability to batch delete a list of users. Until then if there is a case in which a client requests to be forgotten you can simply open a support ticket in which we will complete the deletion upon request.

GDPR Resources
One of the best resources is the advice given by the UK Information Commission Office. It is responsible for implementing the GDPR legislation in the United Kingdom.

The Information Commissioner has also started posting a series of myth-busting articles that set out to explain that GDPR is an evolution, not a revolution. The series clarifies questions like “Do you require consent to process personal data?”.

We will be giving current customers now until May 25, 2018 to familiarize themselves with the Terms before they go into effect.

When logging in as an admin to CurrentBusiness you will have the option to agree to the Terms. In order continue using CurrentBusiness after May 25th you will be required to agree to the new Terms.

Although you might not be impacted by these changes, we wanted to ensure you have plenty of time to prepare.