“On 25 May 2018 most processing of personal data by organisations will have to comply with the General Data Protection Regulation”
There has been a lot of confusion surrounding the topic of GDPR as we fast approach the deadline.
With so much vague, ambiguous and contradictory content being produced on the subject, it has created a lot of complication and at times panic for businesses who aren’t quite sure just as to how GDPR will influence their day-to-day working environments.
This notice intends to deliver reassurances of what Whoisvisiting users need to know in relation to the software and business organisation.
Just like the Data Protection Act 1998, the GDPR deals with personal data – data relating to a living individual rather than a corporate entity.
The GDPR includes the following rights for individuals:
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including
At Whoisvisiting.com we are well aware of the incoming GDPR guidelines and have been preparing our company for full compliance with these law changes as of May 2018.
We would like to clarify that Whoisvisiting as a software is fully compliant with the GDPR requirements.
Essentially, the GDPR introduction has the intention and purpose of protecting the privacy of individual EU citizens. The information provided by website visitor tracking is not relevant to the GDPR legislation which focuses on the protection of individuals details and privacy.
An IP address on its own is not personal data. This is because it is focused on a computer and not the individual using that device. In addition, we only provide business related (B2B) leads through to you and therefore the opportunity to reach out to these businesses is the same as any other marketing approach you may take when reaching out.
As a tool which enables you to learn more about the businesses visiting your website, there is no conflicting association with the GDPR. With relevance and legitimate interest at the forefront of the GDPR structure, website visitor tracking becomes more significant in this situation.
Inbound marketing has an even greater influence than ever before as it is the clearest way to qualify interest and relevance. Marketing towards a business who have displayed a level of interest is completely justifiable and in-line with the law and matches the agenda of the process.
Processor of Personal Data
In terms of being a processor of personal data, we will be ensuring that all of our channels are reflective of the necessary procedures across all elements of our business structure.
Following the key steps recommended by the ICO:
Whoisvisiting has made sure that decision makers and key people in our organisation are aware that the law is changing to the GDPR. And all have appreciated the impact could potentially have on the business.
The Information Held –
Whoisvisiting ensures to document all personal data held, where it came from and who it is shared with.
Communicating Privacy Information –
We have reviewed our current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
Individuals’ Rights –
Whoisvisiting has attended our procedures to ensure we cover all the rights individuals have, including how we would delete personal data or provide data electronically and in a commonly used format.
Subject Access Requests –
Whoisvisiting has updated our procedures and made plans for how we will handle requests within the new timescales and provide any additional information.
Lawful Basis for Processing Personal Data –
We have reviewed how we seek, record and manage consent.
Data Breaches –
Whoisvisiting has made sure we have the right procedures in place to detect, report and investigate a personal data breach.
Data Protection by Design and Data Protection Impact Assessments –
We have familiarised ourselves now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in our organisation.
Data Protection Officers –
We have designated someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
As an organisation operating in more than one EU member state (ie carry out cross-border processing), we have determined our lead data protection supervisory authority.
GDPR Business Checklists
– GDPR checklist for data controllers
– GDPR checklist for data processors
Please be aware this information is not legal advice and the notice is with the intention to inform Whoisvisiting clients of the procedures being implemented for compliance as of May 25th, 2018. For further details regarding GDPR for your own business, please refer to the Information Commissioner’s Office documentation