Last updated on November 16, 2023

avatar
Privacy Team @ Yotpo
May 13th, 2018

This post has been updated with new info to help you prepare for GDPR…

Table Of Contents

As a Privacy by Design company, Yotpo is committed to protecting our customers’ and end-users’ personal information. We uphold the value of data privacy and security in everything from storing user details to planning and designing new features.

While this post focuses on the GDPR, we’re already getting ready for the California Consumer Privacy Act, which is set to come into effect in 2020 — and we’ll be here to answer all your questions on that as well. For more info on our privacy policy or to ask a specific question, please feel free to send an email to our Data Privacy Officer at privacy@yotpo.com.

 

GDPR brings a new framework for how personal data is handled and protected for EU residents. As online businesses continue to expand across borders, it is likely this new regulation will affect you.

At Yotpo, the protection of your data is our top priority. We are committed to GDPR readiness by May 25th, and are dedicated to ensuring that you can meet your obligations too with our highly robust approach to data protection.

How is Yotpo helping you prepare for your business’s obligations under GDPR?

Updated Terms of Service agreement and Privacy Notice These now convey Yotpo’s commitment to the GDPR and your users’ right for privacy.

Secure transfer of user data – Facilitating user data transfers outside of the EU is enabled when relying on the EU Standard Contractual Clauses. If you are transferring user data to the U.S. or other countries outside of the EU, take a look at our Online Data Processing Agreement to understand more about your obligations.

Platform updates – If you collect data about EU residents, you are likely considered a data controller under the GDPR. What this means is that you will need to manage your customers’ requests to exercise their rights under this new regulation. We have developed new product features to support your business in processing data subjects requests.

How is Yotpo supporting your management of customers’ rights under GDPR?

Right to access – Your customers may ask to access any of the personal information your company keeps. To support you when collecting your customers’ data, we developed a new API to probe our systems and verify if Yotpo processes any data of a specific user. This API also enables you to retrieve this data via secure email from Yotpo once requested.

Right to rectification – GDPR gives EU residents the right to change or amend any inaccurate personal data that a controller may be storing. When it comes to these types of requests from customers, Yotpo’s support team has undergone training to work closely with you on updating your data subject requests.

Right to erase – The new regulation allows for customers to request that you remove their personal data from your records. As your user generated content processor, we have built a functionality to erase your customers’ personal data quickly and easily on request. For more information, you can get in touch with our support team here or your dedicated CSM.

Tip: We also recommend that you evaluate if future orders of that customer will trigger a review request email. If so, all you need to do is add the requester’s email address to our blacklist. Here is how you can remove a customer from Yotpo’s email system.

Right to data portability – Your customers’ also have the right to request the personal data your company has collected about them. Our new API gives you the ability to retrieve this information quickly via a secure email.

Right to restriction of processing – Your customer may request to freeze the processing of his or her data. Using your Yotpo back-office, you can quickly remove this customer email address from Yotpo’s email delivery system. You can also retrieve all of the user’s information and suspend all published UGC so that it will no longer be displayed on your site or marketing channels.

GDPR will set the standard for how personal data is regulated and protected around the world, and reflects how we think and operate here at Yotpo when it comes to your data privacy. As we gear up to GDPR compliance, we are committed to helping you with your GDPR readiness in the lead up to May 25th.

Please do not hesitate to contact me with any question or comments at privacy@yotpo.com.

So, what is GDPR?

GDPR is changing the way businesses all over the world process and handle customer data.

As our clients trust us with some of their customers’ most valuable data, we are dedicated to ensuring the highest standard when it comes to their data privacy. We are compliant with SOC2, and now working diligently toward GDPR compliance by implementing strong privacy protections in line with the new requirements.

Ahead of GDPR coming into effect on May 25th 2018, we are committed to giving you all the information you need to navigate this new regulation.

The General Data Protection Regulation (GDPR) is a new law that regulates how the personal data of EU residents can be collected, used, and processed by businesses. As the most important set of laws relating to data privacy of the last 20 years, GDPR will affect how any company big or small collects and handles the personal data of their customers.

It will codify the rules of preexisting EU data protection laws, but also includes new regulations that expand the protection of the right to privacy of EU residents by introducing new requirements for data controllers and processors.

What does GDPR mean for my business?

GDPR gives individuals more rights when it comes to the usage of their data and, as a result, provides new guidelines for any business that collects or processes the personal data of its customers.

If you are wondering what ‘personal data’ means, it is defined in the GDPR as “any information relating to an identified or identifiable natural person.” The new regulation includes expanded rights regarding personal data, added security requirements for organizations, and secure transfer mechanisms between entities both within and outside of the EU. This means that GDPR can also apply to US entities with services that are provided to EU customers, for example.

The requirements of GDPR create a new standard for data protection, and are just good business practice when it comes to creating better transparency and trust between brands and customers. You can find a detailed guide explaining the day-to-day responsibilities of businesses when it comes to the personal data of its customers here.

How do I prepare?

There are a few things you may want to take into consideration when preparing for GDPR:

  • Updating your privacy policy in light of the new laws
  • Understanding your responsibilities under GDPR
  • Taking into consideration your employees and third party obligations

Every business is different, and may have different obligations under GDPR, so our best recommendation to you is to find out how the new regulation may affect your business by consulting with a lawyer.

You should also consider checking that any SaaS vendor your business uses is GDPR compliant as we near closer to May 25th.

Data protection means better business

If a consumer is confident that their data will be protected, they can feel easier about sharing their personal information when active online. As the eCommerce space continues to grow, these new laws provide an excellent framework for the protection of customer data privacy.

“Yotpo is all about providing consumers with a trustworthy shopping experience, and that extends to reviewers who share their thoughts, photos, and more. This is why we are committed to GDPR compliance, protecting privacy, and ensuring all customers feel confident with every interaction.” — Tomer Tagrin, Yotpo Co-founder & CEO

We are excited to offer the highest standard of service when it comes to our customers and are committed to keeping you updated as you make your preparations for GDPR.

If you have any questions or concerns regarding the new GDPR laws, feel free to get in touch with Yotpo’s Data Protection and Compliance team by visiting our website.

 

Please note that this post does not include any legal or professional advice. You should consult with your legal counsels and IT experts for compliance with privacy and data protection laws.