As ChatKitty grows, more and more customers with operations in Europe have reached out for service and support. Naturally, their most frequently asked questions are about GDPR, and we always tell them: ChatKitty was developed with GDPR in mind. We are a GDPR-compliant processor.
What is GDPR?
The General Data Protection Regulation (GDPR) is a privacy and security law drafted and passed by the European Union (EU). It imposes obligations on organizations anywhere, so long as they target or collect data related to people in the EU. This regulation was put into effect on May 25, 2018.
What data does ChatKitty store?
We store chat data on AWS encrypted servers as part of the chat solution we provide to our customers.
Who owns the data?
Our customers have complete control over their data. They can access, modify, delete, and transfer their data at any time upon user request.
How has ChatKitty approached GDPR?
ChatKitty was developed with GDPR in mind, so we focused on the following five components.
Access control – All access is restricted to the sole designated system administrator who maintains those systems. No third party has access to the data ChatKitty stores as part of our operations.
Historical data – Our API currently allows customers to read all the data they have collected, and our customers can modify, delete, or migrate the data upon user request.
Encryption – All API communication with ChatKitty is encrypted. We also allow our customers to use their own encryption method to enhance protection.
Store and process – ChatKitty only stores chat data that our customers have permitted it to store. ChatKitty does not process data for any purpose except when fulfilling data requests from our customers.
Audit and logging – All access to stored data is logged.
What additional steps has ChatKitty taken to comply with GDPR?
Appointed a Data Protection Officer (DPO) to oversee our compliance program.
Host ongoing discussions and training to educate the team to treat data security as a priority.
Conduct periodic reviews of our data protection strategy to ensure that changes to our service, such as modifying or developing features, will not jeopardize the user data we store.
Maintain formal processes around data subject rights to ensure we can help customers fulfill requests they receive.
Pay close attention to regulatory guidance around GDPR compliance and make changes to our product features and contracts when they’re needed.
We understand you have concerns about GDPR. We have made GDPR our priority while developing ChatKitty. We will continue to work hard to ensure we are compliant and transparent throughout the process. If you have any other questions about GDPR or other certifications and compliance, feel free to reach out at firstname.lastname@example.org.
This article features the image "Flag of the European Union in front of the EU-Parliament in Brussels, Belgium" by Christian Lue licensed under the Unsplash License