By now you’ll have no doubt received numerous emails from companies preparing for the upcoming GDPR legislation.
The General Data Protection Regulation (GDPR) is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
You might want to know how this is going to affect your own obligations and those of the third-party tools you use. After all, failure to comply could mean fines of up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher!
Here we’ll take a look at how Raygun is handling things for you to remain GDPR compliant.
What do customers need to do to become GDPR compliant with Raygun by 25 May 2018?
Great question. We’ve been working hard for a long time on making this as easy as possible for our customers. You can now complete the agreement (DPA) from your Plan Settings page. This can be found by clicking on the top right dropdown in the Raygun app and then clicking on your plan name.
This includes being able to set who your Data Protection Officer and European Union Representative are. This creates the agreement between Raygun and your organization.
Behind the scenes, we’ve been working hard to ensure that we reduce the PII footprint we have. Customers can still opt in to sending PII data, but backend systems have all been hardened to reduce the reliance on that data.
Beyond this, we’ve also added some helper filters. These allow you to do things like opt out of IP address storage. While not required, we know our customers have different needs.
What’s Raygun’s position on GDPR?
GDPR is a positive step forward for consumer privacy and control of their data. A lot of what is required, Raygun already did, so it won’t be changing our day to day operating approach.
Having said that, as for many of you, it’s been time-consuming to help automate the processes for our customers. We’re looking forward to moving forward with our normal development processes.
What should customers do inside Raygun in the event of a deletion request?
Part of our GDPR compliance work was to ensure we expose the controls that allow you to:
- Find a user’s data
- Export the user’s data
- Delete the user’s data
You will not need to rely on a Raygun team member to do this for you. It’s all built right into the Raygun app.
Of course, we love talking with our customers, so if you have any issues here, please contact us and we’ll be glad to help.
How long does it take to ensure the data is deleted?
Raygun stores a lot of data for customers. A single customer could easily account for hundreds of gigabytes of data. Due to this, deletes can take some time to process. When a delete is triggered, a background process starts removing the data associated with that user. It can take time, but you should be thinking in minutes or hours, not days or weeks.
How do I know that, when a deletion action is taken, the data is definitely not kept inside Raygun?
Firstly, all activity in Raygun is audited. So in the audit log you’ll be able to see that a deletion was made. As GDPR is partly about the right to be forgotten, we do not audit log ‘who’ was deleted, only the user who requested that the deletion occur (classic catch 22!).
Secondly, the GDPR does create a binding agreement between our organization and yours. Under this agreement, we would be liable if we did not undertake this action as requested.
I’m not an EU resident and my company is based outside of the EU, so why is Raygun telling me about GDPR?
If you have further questions please do not hesitate to contact us.