We are proud to announce that Purple is now General Data Protection Regulation (GDPR) compliant, having unveiled our revised privacy policy and brand-new Profile Portal today, which gives end users complete transparency of all the data collected about them. The EU legislation doesn’t officially come into force until May 25th 2018, but as the first mover in our market we felt it was logical to become the first GDPR compliant WiFi provider.
Lots of organisations are actively talking about what people need to do, how difficult it is going to be to prepare for and the potential penalties for breaching regulations, but few are actively acknowledging and discussing compliance. Well, we’ve implemented the necessary changes early so that our European customers have one less GDPR headache to cure and end users have peace of mind that their data is well looked after and accessible around the clock.
For those who may not be familiar with GDPR, it harmonises existing data privacy laws in Europe and will reshape the way organisations approach data privacy. Ultimately, it places control of personal data firmly back with the individual, giving them the right to access their data and withdraw it if desired. If a company breaches the consumers’ rights then they will be fined up to 4% of revenue, or 20 million Euros, whichever is greatest.
So, what have we actually done to become compliant? Well, GDPR outlines that individuals have a “right of access” to the information a company holds on them and if requested the firm must supply the individual with their data within one month. At Purple we’ve gone one step further by providing users with ongoing access to all personal data captured after signing up for WiFi, as well as providing the functionality to update their marketing preferences and export data via our new Profile Portal.
The Profile Portal aggregates all of the information collected on the user when accessing WiFi at any Purple supported venue and is split into 3 main areas:
My Personal Information
This area allows the user to view all of the personal information that has been collected about them, which can include their first name, surname, email, date of birth and gender.
My Activity
Users can access a breakdown of their activities, including the venues they’ve visited, marketing communications received, surveys completed, devices used to login to the WiFi and the method used to connect to the network.
My communication settings
We’ve given users the ability to view their marketing preferences and choose which companies are permitted to send them future marketing communications in this area of the Profile Portal.
Of course, the GDPR rulings proved pivotal in developing the Profile Portal, but giving users complete transparency and the ability to completely control how their data is used isn’t actually a GDPR requirement. We decided to go above and beyond the regulations and develop the Profile Portal as it makes our platform stand out in the market and proves that we are passionate about data security. We’ve eradicated the big brother element of data capture and instead opened the doors and invited users to find out exactly what data is collected, how it will be used and by whom.
In accordance with the GDPR legislation we’ve also improved our privacy policy and access journey so that individuals logging into WiFi at a Purple venue have ‘unambiguous consent’, which means they are fully aware of the terms they are agreeing to. Here at Purple, we know all too well how people fail to read terms and conditions. We recently carried out an experiment by adding a spoof term to our T&Cs, asking people to carry out 1,000 hours of community service in return for free WiFi. Shockingly, 22,000 people agreed to this term during the two week experiment, which proves why it was necessary for us to make things clearer for users as well as meeting GDPR guidelines.
Now, when a customer ticks the consent box on the WiFi splash page, they will be presented with a “Terms Overview” screen explaining exactly how their data will be used. Our Privacy Policy has also been reduced from 1600 to just 260 words, which means no more tedious legal jargon, just simplistic language that clearly outlines what we collect, why we collect it and what we do with the data.
So, as a newly compliant business we are confident that these GDPR changes will not only put partners, customer and end users at ease but will actually prove highly beneficial moving forward. Although this is an EU regulation the new privacy policy and Profile Portal will be well received worldwide as data protection, privacy and security continues to invade the headlines.