
How Pubble has prepared for GDPR

What is GDPR?

The EU General Data Protection Regulation, GDPR (2016/679) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It replaces the 1995 Data Protection Directive (Directive 95/46/EC). The GDPR lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

What changes have we made in order to comply with the new General Data Protection Regulation (GDPR)?

The security and protection of our customers' data is of paramount importance to us and this has always been the case. We welcome the new GDPR as directed by the EU in order for every company to be more transparent about how customers' data is used. To that end, we have made changes to our Terms of Service, Privacy Policy and Data Processing Agreement as well as making significant technical changes to the Pubble app.

Changes to our Terms of Service & Privacy Policy

We have revamped our Terms of Service, Privacy Statement and Data Processing Agreements with particular emphasis on making them easier to understand and as transparent as possible. In summary, Pubble stores all personal data in the EU. Any personal data collected adheres to the "Privacy by default" guidelines as stated in the EU General Data Protection Regulation (GDPR). This means that the strictest privacy settings are applied to your personal data by default. The data collected is used solely for the purposes of providing a service to our customers and is not used for marketing purposes or sold to any third party under any circumstances.

What changes have we made to the Pubble app from a technical point of view in order to comply with GDPR regulations?

We have made significant changes to Pubble in order to comply with the GDPR.

  1. Privacy Panel

    The Admin Panel contains a new section that allows our customers to set their privacy requirements in order to comply with the GDPR. We call this the "Privacy Panel". This section allows you to set your data requirements and to approve the sub-processors that Pubble uses.

  2. Full control over user data

    Under the GDPR data subjects have the right to access the personal data stored on their behalf. In addition, they have the Right to be Forgotten, the Right to Portability and the Right to Rectification of their data. Should a user enforce their rights, Pubble gives you (the Controller) complete control to ensure that you can accommodate your customers' requests in relation to their data.

  3. Access to personal data

    Data subjects can request and access any data that a data controller is holding on them and find out whether that data is being processed, where it is being held, and for what purpose. From the visitor record, the data controller has access to and can manage all of the personal data that Pubble holds.

  4. Right to be forgotten

    The GDPR states that, if requested by the data subject, a company will have to erase the personal data that they are holding on that data subject and to cease any further processing of that data. If requested to do so, the data controller can erase the user data from the visitor record in the admin panel.

  5. Right to portability

    Data Portability is a new consumer right introduced under GDPR. The requirement states that a data subject will be able to receive personal data concerning them in a commonly used and machine-readable format free of charge. Users will then have the right to transfer or transmit this data to another controller or company. The data controller can export the visitor records to an electronic format from the visitor record.

  6. Right to rectification

    The data subject has the right to rectification of inaccurate personal data concerning him or her. If requested to do so, the data controller can update the user data from the visitor record in the admin panel.

Extra data management options for Data Controllers

  1. Delete community & accounts

    On request, customers now have the option to delete their community on Pubble and/or member accounts. Note: Customers always had the ability to add/remove team members as necessary and this has not changed.

  2. Audit log & Data Breach Management

    Organisations need to capture security events in audit logs so that they can confirm whether a breach has taken place and, if so, measure the impact of that breach and determine what needs to be reported to the DPA (if necessary) and, ultimately, to the affected data subjects. The Pubble audit log tracks anything on the Pubble app that can be added, updated and deleted. This is an extensive list that includes things such as community, account, team members, visitor posts etc. The audit log records who made the change with an associated time stamp. This gives a community administrator a log to refer to in case of any security breach or an audit.

  3. Privacy Statement section for data controllers

    The Privacy Panel now has a section where our customers can reference their Privacy Statement. If the option is chosen to request consent from the data subject before submitting personal data to Pubble, the Privacy statement will be linked in the consent statement.

Individual App Settings

  1. Consent for personal data to be processed and shared

    Pubble has added an option to add a check box to each of the Pubble apps before a request to obtain personal data (See Image 1). This allows the data controller to explicitly request consent from the data subject to collect personal data from them.

What changes have we made to the Pubble website from a technical point of view in order to comply with GDPR regulations?

  • Account creation

    On creating an account, Pubble needs certain personal data in order to allocate the account correctly. The information we collect is name and email address. We have added a checkbox for users to agree to the Pubble Terms of Service and Privacy Statement at this stage. Users have to agree to the terms wherever a Pubble account is created e.g. if a new user is invited to an existing community or if the community offers self-registration.

Who should I contact if I have a question about Pubble & GDPR?

You can send us a direct message if you have any questions about GDPR.