Bookeo & GDPR
On May 25, 2018, the new European privacy regulation called The General Data Protection Regulation (GDPR) will come into effect. The regulation includes specific requirements regarding how businesses can collect and process personal data of individuals who are in the Union, and how they must protect it.
More information and guidance on GDPR can be found on the European Commission and the Information Commissioner’s Office websites.
Here are the definitions of a few key terms of the GDPR:
- Personal data: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controller: the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data.
- Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Is Bookeo a controller or a processor?
Bookeo is a controller for the personal data it collects for its own customers: the business owner and the account users/resources.
Bookeo is also a processor, since your business uses Bookeo to collect and process personal data of your customers.
Is my business a controller or a processor?
Your business is a controller, as it determines the purposes and means of the processing of personal data.
Is your organization required to comply with the GDPR?
The GDPR applies to your organization if your organization has an establishment in the EU or if it provides services to customers in the EU, and it specifically targets individuals in the EU (for example by offering services designed for customers in the EU, by running geographical marketing campaigns targeting the EU, listing prices in Euro, etc.).
This is an important point to note: if your business is not based in the EU, and it offers services to customers outside the EU, and it does not specifically target individuals in the EU, it is not subject to the rules of the GDPR.
If you are in doubt whether your organization is subject to the GDPR, we recommend seeking independent legal advice.
Do I need to make changes to my Bookeo account to work toward GDPR compliance?
If your business must be GDPR compliant, we encourage you to read this page about Bookeo and GDPR, with information on the actions you should take to work toward GDPR compliance for your Bookeo account: https://www.bookeo.com/gdpr/