In this post we would like to summarize our activities related to the adaptation of Konfeo to the requirements of General Data Protection Regulation (GDPR). The new regulations apply to both the area of cooperation between the Konfeo-Event Organizer and the Event Organizer-Participant relationship. The basic question that we had to answer was: are we only working on Konfeo’s adaptation to cooperation with our clients (Konfeo-Organizer), or are we also implementing additional solutions for the organizers?
Considerations
Definitely the easiest and fastest way would be to focus only on the appropriate preparation of Konfeo to process personal data of the Event Organizers and leave them to properly prepare for the processing of personal data of the Participants of their events. That would be the easiest way.
We thought, however, that it would be a good idea to provide the Event Organizers with a minimal solution that will secure them in the processing and protection of the Participants’ personal data. A solution that can be used or turned off, which could serve as an example for them to create their own mechanism.
After a short discussion, we decided to choose a more difficult path, but one that will give added value to our clients. After all, the system was created for them and thanks to them it develops – we remember it every day.
Five months before the GDPR entry into force
At the beginning of 2018, we informed the Event Organizers that we are auditing the system in order to adapt it to the regulations coming into effect on May 25. The analysis included, in particular, a review of the system’s functionality related to the right to remove, edit, block the processing and transfer of personal data of the Event Organizers and Participants of the events.
The results of the audit were promising. It turned out that apart from minor changes in system messages and the addition of appropriate checkboxes in registration forms, Konfeo has the appropriate solutions as a standard. That was great news, so we could focus on updating the system to the latest versions of the software to ensure the greatest possible security of data storage.
In April we sent to the Event Organizers information that two weeks before the GDPR entry into force we will prepare complete solutions required by the regulation. We also informed that:
- Konfeo meets in the standard the vast majority of the guidelines of the regulation, including the security of personal data storage;
- we have updated the system to the latest software versions.
We ensured that:
- we are going to change the appropriate system messages and the operation of some features;
- we are going to prepare and provide the Event Organizers with procedures for dealing with changing or deleting personal data of participants.
Two weeks before the GDPR entry into force
Keeping our word, two weeks before the entry of the GDPR we sent to the Event Organizers a complete set of information related to changes in the system. The legal changes included new provisions in the Terms of Service and the Privacy Policy as well as the Information Obligation. We have also announced the possibility of signing an electronic Data Processing Agreement (DPA) with Konfeo.
The changes in the system mainly focused on the separation of companies and other institutions from self-employment, as the GDPR protects the data of persons conducting business in their name.
An extremely important element of the message was information about the implementation of a system solution that ensures the compliance of registration forms with the GDPR. We gave the organizers a choice – they can use our solution free of charge or turn it off at any time. We have presented the content of new checkboxes in the registration forms with the information that by default they will appear in all events on 25/05/2018.
Finally, we announced the preparation of procedures for related with the right to change, delete, cease the processing or transfer of personal data. We made them available a few days later.
One day before the GDPR entry into force
A few days before the deadline, we tested the launch of new checkboxes in the registration forms, and we prepared the procedure for the night switch. On the last day we were monitoring, which of the Event Organizers decided to use our solution, and in case of doubt we contacted them.
On May 25, 2018, at 0.00 we switched the system to a new GDPR solution.
Life after the entry of the GDPR into force
The interpretation of the regulations will probably evolve in the coming months. We will make changes to our solution if necessary. There are still many questions for which there are no unambiguous answers. Various entities interpret the provisions a bit differently. We use the “textbook” solution, however we assume that we will simplify it in the near future.
On the other hand, we are delighted that the Event Organizers using Konfeo appreciated the changes we’ve prepared and the way they were introduced. We’ve heard a lot of good words and we can see that a large number of clients use our solution.
This is how we operate in Konfeo – concretely and for our clients.