Lots of organisations are actively talking about what people need to do, how difficult it is going to be to prepare for and the potential penalties for breaching regulations, but few are actively acknowledging and discussing compliance. Well, we’ve implemented the necessary changes early so that our European customers have one less GDPR headache to cure and end users have peace of mind that their data is well looked after and accessible around the clock.
For those who may not be familiar with GDPR, it harmonises existing data privacy laws in Europe and will reshape the way organisations approach data privacy. Ultimately, it places control of personal data firmly back with the individual, giving them the right to access their data and withdraw it if desired. If a company breaches the consumers’ rights then they will be fined up to 4% of revenue, or 20 million Euros, whichever is greatest.
So, what have we actually done to become compliant? Well, GDPR outlines that individuals have a “right of access” to the information a company holds on them and if requested the firm must supply the individual with their data within one month. At Purple we’ve gone one step further by providing users with ongoing access to all personal data captured after signing up for WiFi, as well as providing the functionality to update their marketing preferences and export data via our new Profile Portal.
The Profile Portal aggregates all of the information collected on the user when accessing WiFi at any Purple supported venue and is split into 3 main areas:
My Personal Information
This area allows the user to view all of the personal information that has been collected about them, which can include their first name, surname, email, date of birth and gender.
Users can access a breakdown of their activities, including the venues they’ve visited, marketing communications received, surveys completed, devices used to login to the WiFi and the method used to connect to the network.
My communication settings
We’ve given users the ability to view their marketing preferences and choose which companies are permitted to send them future marketing communications in this area of the Profile Portal.
Of course, the GDPR rulings proved pivotal in developing the Profile Portal, but giving users complete transparency and the ability to completely control how their data is used isn’t actually a GDPR requirement. We decided to go above and beyond the regulations and develop the Profile Portal as it makes our platform stand out in the market and proves that we are passionate about data security. We’ve eradicated the big brother element of data capture and instead opened the doors and invited users to find out exactly what data is collected, how it will be used and by whom.
Read next: Top 10 Tips for GDPR