Introducing a set of new GDPR tools
GDPR, the European Union regulation aimed at strengthening and unifying data protection for all individuals within the European Union, comes into force on 25th May. The regulation brings a huge change to European data security, but it also impacts many non-EU based businesses. If you’d like to find out more about GDPR you can read our previous blog post.
We have created a set of new features (introduced in the 2018-04-30 HostBill version) that will help you implement the changes necessary to ensure GDPR compliance.
Get consent with GDPR-friendly forms
The GDPR sets a high standard for consent for gathering and processing personal data. Consent requires a positive opt-in, which means you can’t use pre-ticked boxes or any other method of default consent. Explicit consent requires a very clear and specific statement of consent and the consent requests must be separate from other terms and conditions.
HostBill gives you the opportunity to create a registration form that not only best suits your business needs but is also compliant with GDPR requirements. When creating the registration form you can use various fields (text inputs, check boxes, select boxes) that can be set as required or optional. This way you can create various opt-in fields for separate terms and conditions. You will be able to customize the field names and the legal text to explain the terms and their purpose.
Read more in the related article – Opt-in/out marketing consent
Provide your clients with the highest professional standards of data handling
HostBill now offers a set of features that are aimed at providing your customers with the best standards for data processing.
To control and configure the main GDPR-connected features you can navigate to Admin → General Settings → Other → GDPR, where you can:
- Configure client data retention – decide if you want to automatically delete empty or inactive client profiles after a certain period of time. Empty profiles are client profiles with no paid invoices, active hosting account, registered domain or unclosed support ticket, while inactive profiles do have paid invoices on file but no active account/domain or unclosed support tickets
- Decide if you want to allow customers to delete their accounts and, if so, set the deletion delay
- Configure data export content
- Customize GDPR details report template
Read more in the related article – GDPR Admin Settings
The right to be informed
Under GDPR individuals have the right to be given information about how their data is being processed and why. With the new HostBill feature you can create multiple policy links (for separate terms) that your client needs to accept in your client portal by ticking the relevant checkbox. Agreeing to the given terms will be required for the customer to proceed to checkout. Configuring the links can be easily done from the GDPR section in HostBill Admin Panel → Settings → General Settings → Ordering → General.
Read more in the related article – Multiple policies
The right to access
Individuals have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. In HostBill each registered client has access to an overview of their personal information stored by you. Under My Account → Overview the client can view their details along with the purpose for each piece of data that is being collected (billing or non-billing; this defines whether or not the data is needed for invoicing and hence whether it may be required to keep that data for a given period of time).
The HostBill admin area also lets you generate a PDF report with client data if you happen to receive a data request from either a present or former customer.
The right to be forgotten
GDPR gives individuals the right to have their personal data erased. With HostBill, your clients can request to have their account deleted and their data forgotten with just one mouse click (if you enable this option in your admin area). We’ve made sure that the client will be able to start the account removal process only if there are no unpaid invoices linked to their account and there are no active services that can’t be cancelled. Requesting the account to be deleted assigns the account the ‘pending removal’ status, and the account is deleted after a certain period of time (determined in the admin area GDPR settings section).
If a client requests that their data be forgotten but you are required to keep their data for a given period of time (for legal or tax purposes etc.), you have the possibility to remove as much client information as possible without removing the data required for billing/contract purposes. HostBill’s client anonymization feature allows you to close the client profile, terminate client services, clear the client changes log, emails and tickets, and remove ALL non-billing data. This feature can be accessed from Client profile → More actions → Anonymize Profile.
The right to object
Individuals have the right to object at any time to the processing of personal data concerning them. With HostBill your clients can review all of the terms and services they have given their consent to and withdraw that consent at any time. All changes made to the client profile are logged, so if needed you can prove that the customer has given you consent to gather/process their data (and when), and if the customer withdraws the consent you can determine when it happened.
HostBill’s MailChimp module for email and e-commerce marketing also provides a quick and easy ‘unsubscribe’ option in each email sent to the customer.
The right to data portability
As per GDPR, individuals have the right to receive a copy of their personal data, free of charge, in an electronic format. HostBill lets clients download all personal information gathered in the client profile to a JSON file with a single click from the My Account → Overview section in the client area.
Read more in the related article: Client summary & data download