The countdown for GDPR is on. The new data protection law covering all individuals within the EU region will take effect on May 25, 2018. It applies to any organisation (within or outside the region) that has, or targets customers who live in the EU.
What is GDPR?
GDPR has been introduced to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international businesses. When GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC).
For many, preparing for GDPR may feel like a daunting task. But to help, we have introduced several new features and functionalities in the latest 7.5 release that are designed to assist you with compliance.
5 tools to help you with GDPR
Marketing Emails Opt-In during Checkout and Signup
With this feature you can have greater flexibility over how you obtain consent to marketing and promotional emails. The new functionality allows you to choose how and when you ask your users to give consent, with new options during both registration and checkout.
The Marketing Email settings can be found in Setup > General Settings > Other
Expanded Marketing Email Capabilities
In an expansion to the Marketing Emails Automation
features, now in addition to being able to opt in or out of marketing emails at any time from within the client area, new email merge fields allow you to include opt-in and and opt-out links in any emails you send, giving you another way to gather consent from your customers and making it easy for them to opt-out at any time.
A new one-time conversion tool also helps you to easily migrate from the current opt-out email marketing system to the new opt-in system, along with expanded mass mail sending criteria that allows you to target specific countries with your emails.
Marketing Emails Consent Logging
Recording when consent is given is an important part of the concept of accountability in GDPR.
With that in mind, we've introduced a new consent log that records each time the consent setting is changed showing: the date/time of that change, who it was initiated by and the IP address of the user. This new log can be accessed via the Profile tab within the admin client's profile.
Data Retention Policy Automation
New to WHMCS 7.5 is a data retention policy automation feature that allows you to define a period of time for which client records should be kept. This feature will help you comply with the right to erasure (or right to be forgotten) aspect of GDPR.
This feature allows you to automatically enforce your data retention policy in relation to the length of time you keep your client records for. When enabled, once the required period of time has passed with no activity, customer records can be automatically purged.
The new Data Retention Settings can be found in Setup > Automation Settings located in a new section of the same name.
Client Data Export
One of the individual rights of GDPR is the right to data portability.
To help you meet requests you receive for data transfer requests, we've introduced a new export feature that allows you to export an individual customers data in structured JSON format.
With support for exporting profile, service, billing and ticket history, the export can include all personal information relating to a single customer.
Compliance should not be hard
With May 25 just a little over a month away, it's important that you take the necessary steps for your organisation to be ready when GDPR takes effect. We hope these new tools available with WHMCS 7.5 make it easier for you to meet your compliance needs and obligations with GDPR if you choose to use them.
If you would like to learn more about GDPR and how WHMCS can help, refer to our earlier blog post: How can WHMCS help with GDPR compliance
Please note these are guidelines only and should not be relied upon as legal advice. If you have any questions please contact the ICO or seek independent legal advice.
Liked this article? Share it