,

European Union’s General Data Protection Regulation (GDPR) and Compliance

Tave GDPR

We’re announcing updates to our privacy policy. These changes reflect the high privacy standards established by the General Data Protection Regulation (GDPR) recently passed by the European Union.

The privacy law becomes enforceable May 25, 2018.

Read our updated Privacy Policy here…

What is GDPR?

The law establishes requirements on the handling of personal information, especially when data crosses borders. It requires explicit opt-in before marketing to a European, legitimate business reasons for storing and processing personal information, and enshrines several new rights. The new rights include “the right to be forgotten”, portability of personal information, and to be notified promptly in the case of a data breach.

Does this affect me?

Yes. This affects all Táve users who handle the personal information of contacts from the European Economic Area. If you interact with EU nationals or think you will in the future, you must also execute the Táve Data Protection Addendum (DPA).

Read more here…

New Features to Help You Comply

Along with updates to our privacy policy, we’re releasing several tools to help users comply with the strict privacy requirements laid out in the law.

Marketing Opt-In

We’ve added a new ‘Privacy Opt-In’ field to both Contact Forms and Questionnaires. GDPR states that contacts from the European Economic Area must opt-in to receive any marketing communication or to have their personal information used in a way that goes beyond the reason that they gave you their personal information in the first place (for instance, if a European submits a request for information about a wedding, you can’t later send them a message about a special offer or email them about a portrait session without their explicit permission).

This is what the field looks like:

Strict Privacy

We’ve added a ‘strict privacy’ option to all contacts in your Táve address book. This value indicates that the contact is subject to the strict privacy requirements of the GDPR. It can be set manually but Táve will also set it for you if the contact has an email address or address from one of the countries in the European Economic Area (i.e. France or Germany).

The Right to Be Forgotten (Anonymize Contact)

GDPR requires that contacts have the right to be forgotten and that all personal identifying information be erased upon request. While Táve has always had the ability to purge contacts or jobs from the system, which complies with the right to be forgotten, we’ve created a middle-ground tool that anonymizes the contact while keeping your history and financials intact.

Anonymizing contacts is permanent and irrevocable. You will be warned with what data will be erased and what data will NOT be erased.

Privacy Compliance Log

You can now quickly see when a contact opted-in or out of your marketing, whether they require strict privacy and why it was set if set automatically, and when and by whom the contact was anonymized. This box will appear on the address book profile of any contact touched by privacy compliance.

Read more about those tools here…