GDPR will have a long-standing impact on the regulatory environment in the European Union. As we approach the compliance deadline, we want to reassure our customers about our continued commitment towards data protection. Leonardo Hodgson, Cerillion Skyline product manager, talks through the steps that we have taken to help businesses become GDPR compliant.
The landmark General Data Protection Regulation (GDPR) will come into effect in just over a week from now. GDPR will replace old rules around data protection and will expand the individual privacy rights of EU citizens. This new regulation mandates specific obligations for data controllers (SaaS customers) and data processors (SaaS suppliers), which are further described in this previous blog.
What is Cerillion doing about GDPR?
As a data processor, we have always prioritised the highest data security standards in our products and processes. In order to prepare for GDPR, we completed a comprehensive GDPR audit, including data mapping and gap assessment to identify and execute the necessary modifications to our processes to comply with the key provisions of the new regulation. We have also overhauled our Terms of Service to set out our responsibilities as a data processor distinct from our customers’ responsibilities as data controllers.
Cerillion Skyline and GDPR
Over the past 6 months, Cerillion Skyline, our cloud billing platform, has also been updated with several new features to ensure our customers can comply with the new regulations:
Right to be informed
- All payment-related pages, including order checkout, payment card updates, subscription renewals and manual payments, provide full disclosure on whether the payment information provided by the user needs to be retained. This ensures complete transparency for your end customers about their sensitive personal data.
- Skyline can also be configured with separate payment card storage rules for different types of pricing models (e.g. one-off payments or recurring subscriptions), allowing you to limit the amount of data stored to the minimum required to provide the service.
Explicit consent for data processing
- Skyline enables administrator-level users to create and manage multiple consent messages and checkboxes that are used to gain agreement from customers to store and process their personal information for contractual and/or marketing purposes.
- A new Data Security feature brings together all the consent configuration in one central place, making it easy to manage and maintain all customer consent messages and checkboxes.
Right to data erasure
- Customer and account details can be easily managed to individually update or remove specific contact details or payment information, provided they are not required to fulfil the terms of service.
- Selected users (e.g. managers or supervisors) can also be granted permission to delete accounts and customer records, on request, and subject to specific conditions, to support the right to be forgotten.
- Furthermore, in order to retain data only for the duration required for contractual or legal reasons, system level configuration can be set to enable the automatic removal of closed accounts after a configurable period of time.
GDPR is going to place a lot more responsibilities and obligations on any company with customers in the EU. As a business owner, it is therefore vital to engage with software vendors that have geared their systems and processes for GDPR compliance. Managed in the right way, GDPR is a great opportunity for businesses to become more transparent and customer-centric.
Explore the key features of Cerillion Skyline now to find out how it can help your business to prosper from the subscription revolution.