GDPR: what we are doing to stay compliant

The GDPR will have a long-standing impact on the regulatory environment in the European union. As we approach the compliance deadline, we want to reassure our customers about our continued commitment towards data protection. Leonardo Hodgson, Product Manager at Cerillion, lists out the steps that we have taken to help businesses become GDPR compliant.

The landmark General Data Protection Regulation (GDPR) will come into effect in just about a week from now. The GDPR will replace old rules around data protection and will expand the EU individual privacy rights. This new updated regulation mandates new obligations for data controllers (SaaS customers) and data processors (SaaS suppliers).

What is Cerillion doing about GDPR?

As a data processor, we have always prioritised the highest data security standards in our products and processes. In order to be GDPR compliant, we completed a comprehensive GDPR audit, including data mapping and gap assessment to identify and execute the necessary modifications to our processes to comply with the key provisions of the new regulation. We are also overhauling our Terms of Services to be GDPR compliant and reaffirm our commitment towards data protection for our internal stakeholders as well as our valued customers.

Cerillion Skyline and GDPR

Cerillion Skyline, our cloud billing platform, has been supercharged with several features to ensure that your business (data controller) is compliant with GDPR. Let’s look at some of the key features available to the users of Cerillion Skyline:

Right to be informed

• All payment-related pages such as order checkout, payment updates, subscription renewal or manual payment, provide full disclosure on whether the payment information inserted by the user will be retained or not. This ensures complete transparency to your end customers about their private data.
• The solution can even be configured to have an option to store credit card information for different types of pricing models, allowing you to flexibly restrict the amount of stored data to a minimum, ensuring full compliance.

Explicit consent for data processing

• Cerillion Skyline allows administrator-level users to create and manage one or more customised messages and checkboxes asking for customer consent to store their personal information for contractual and/or marketing purposes. These checkbox messages can be set as optional or mandatory and can be presented at the bottom of the screen to secure explicit consent when new accounts are created.
•  A new page "My Company > Company > Data Security" has also been  specifically added to provide a facility to fully manage the customer consent checkboxes.

Right to data erasure

• Authorised users can delete accounts and customer records from Skyline, if required. To delete an account, it must have a  ‘closed’ status without any live (trial/inactive/active) subscriptions or outstanding invoices.
• Customer and account details can be  easily managed to individually update or remove specific contact details or payment information as per requirement.
• A system level configuration option on the Data Security page,  has been included to enable  the system to automatically delete accounts and customer records after a certain amount of time which can also be configured easily.

The GDPR is going to add a lot more responsibility and obligations to most digital businesses which are data controllers. As a business owner, it is important to engage with software vendors that have geared their systems and processes for GDPR compliance. Done the right way, the GDPR indeed is a great opportunity for your business to become more transparent and boost customer loyalty.