TruConversion And The GDPR

What Is the GDPR?

The General Data Protection Regulation (GDPR) is one of the biggest legislative changes made since 1975. To be effective from May 25, 2018, the primary goal of these changes is protection of personal data and rights of EU residents.

Our Commitment toward GDPR

We are fully committed to upholding the privacy and rights of our customers and their customers. The essence of the GDPR is in direct alignment with our core values of customer trust and data privacy. With that in mind, we are actively working toward defining our roadmap for GDPR to overhaul our systems and processes in accordance with the standards. We are well on track to achieve this before May 25, 2018 deadline.

How Are We Preparing for GDPR?

Over the last couple of months, we have made steady progress toward understanding and analyzing how GDPR will impact our customers. This was made possible with the help of a focused group comprising experts on Corporate Security and Compliance and members from our senior leadership. Here’s a glimpse of our analysis and the steps we are taking to ensure compliance:

Establishing the Governance Structure

  • Start the GDPR compliance initiative with a dedicated focus group. – Completed
  • Create a comprehensive Privacy Management Framework that incorporates  best practices and organizational measures, divided into various data privacy management categories. – Completed
  • Conduct an assessment on product and business impact. – Completed
  • Initiate the internal Privacy and Security Awareness program. – Completed
  • Conduct Data Protection Impact Assessment (DPIA)  – Completed

Implementing Policies and Procedures

Embedding and Implementing Data Privacy into Operations

  • Prepare a detailed inventory of data and data-flows within our systems – Completed
  • Establish procedure and policy to restrict the processing of personal data – Completed
  • Set up mechanisms to automatically track flow of all data within and outside our systems – Planned

Existing Product Features Geared toward GDPR Compliance

We take utmost care to ensure that our customer data is secure and easily accessible. While we are constantly working toward enhancing our security parameters under the GDPR guidelines, TruConversion includes the following out-of-the-box capabilities geared toward protecting personal data and privacy:

  • Anonymize IP address: Provide security feature to Data Controllers on per domain basis to anonymize visitor IP address as a whole or by any number of octets.
  • Anonymize key presses in a recording: TruConversion provide three level of data obfuscation.
    1. If data sniffer detect that user may be entering credit card information, it automatically mask the input and store ‘*’ instead of actual entry.
    2. User specifically add data-mask attribute, so TruConversion never record the actual input instead add ‘*’
    3. By enabling this ‘Data Obfuscation’ settings TruConversion maske all keystroke data on input and text-area fields. On recording replay all the input data will be appear as masked.
  • Visitor Location: By default TruConversion store/show complete country, Region and city of your website visitor. From drop down you can selecte any option for TruConversion to store your visitor geolocation.
  • Disclaimer for Visitor Survey: User can add disclaimer statement with link for visitor to make them aware about the privacy rights. This statement will appear at the bottom of Micsurvey.
  • Disclaimer for Visitor Customer Survey: User can add disclaimer statement with link for visitor to make them aware about the privacy rights. This statement will appear at the bottom of customer survey.
For EU (European Union) Visitors: By default TruConversion will store/show the last octet as ‘X’ in IP addresses of the visitors from EU (European Union). This will work with IP Addresses settings selected by user from Privacy Options.

What do TruConversion Customers need to do?

Following things that you might need to do depending on your situation and jurisdiction. Below are the things which we think might affect you as a result of using TruConversion:

  • Website Audit
    1. FOR EU/EEA ACCOUNT: Make sure that your website should exclude Personal Data from tracking across all page content and form field. TruConversion blocked this automatically.
    2. FOR OTHER REGIONS: Make sure that your website should exclude Personal Data from tracking across all page content and form field.
  • IP Addresses
    1. FOR EU/EEA ACCOUNT: Dont worry about it. By default TruConversion will store/show the last octet as ‘X’ in IP addresses of the visitors from EU (European Union).
    2. FOR OTHER REGIONS: These setting are available for you in application under IP Addresses settings from Privacy Options.
  • Explicit Consent
    1. FOR EU/EEA ACCOUNT: You may need to obtain explicit consent to track visitor on your site. Recommendation is check the laws and regulations that apply to your website(s) and obtaining legal advice.
    2. FOR OTHER REGIONS: You may need to obtain explicit consent to track visitor on your site. Recommendation is check the laws and regulations that apply to your website(s) and obtaining legal advice.
  • Opt-Out
    1. FOR EU/EEA ACCOUNT: We recommend you to explain TruConvesion and offer Opt-Out to your website visitor depending on local laws/regulatios. Providing a link to our opt-out page: https://www.truconversion.com/opt-out.html
    2. FOR OTHER REGIONS: We recommend you to explain TruConvesion and offer Opt-Out to your website visitor depending on local laws/regulatios. Providing a link to our opt-out page: https://www.truconversion.com/opt-out.html
  • Test Campaigns
    1. FOR EU/EEA ACCOUNT: Make test campaigns in our platform to ensure all exclusions of Personal Data are functioning correctly.
    2. FOR OTHER REGIONS: Make test campaigns in our platform to ensure all exclusions of Personal Data are functioning correctly.


FAQ

When is the GDPR coming into effect?

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by the government; meaning it will be effective from May 25, 2018.

Whom does the GDPR affect?

The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the location of the companies.

What is the difference between a data processor and a data controller?

A controller is an entity that determines the purposes, conditions, and means of the processing of personal data, while a processor is an entity that processes personal data on behalf of the controller.

Where can I know more about the GDPR?

You can refer to the following links for more information on the GDPR and how you can prepare for it.