Cloudkibo / KiboPush


Urgent: We have to Work on General Data Protection Regulation (GDPR) #3070

Closed surendarkumar closed 6 years ago

surendarkumar commented 6 years ago

We have to Work on General Data Protection Regulation (GDPR) because people are asking about it. We have to work on it as soon as possible.

Links

https://www.investopedia.com/terms/g/general-data-protection-regulation-gdpr.asp

https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/

@dayemsiddiqui : Man, we have to work on it as soon as possible.

jekram commented 6 years ago

Let's define what is the minimal set of requirements here.

surendarkumar commented 6 years ago

@jekram, Sir, GDPR is ready.

@sojharo @dayemsiddiqui Can you please go through it once.

We have to put this in our privacy policy page.

KiboPush-GDRP-Privacy Policy.docx

jekram commented 6 years ago

@sojharo @dayemsiddiqui Please review

sojharo commented 6 years ago

@surendarkumar henceforth, please use Google Docs on the Cloudkibo Google organization account. This helps with collaborative editing.

surendarkumar commented 6 years ago

@sojharo, I have also uploaded it as a Google Doc. The link is below: https://docs.google.com/document/d/16P3Um7OL_U-u8eBuFZneHN3cuX_IxN0mSSZCcYMwsnE/edit?usp=sharing

sojharo commented 6 years ago

I have read the following guide till chapter 4 and here are some recommendations that we can either add to Surendar's document or open action tasks on them.

https://blog.varonis.com/gdpr-requirements-list-in-plain-english/

There were further chapters, but they are not relevant for now. They would be relevant when we go for a DPO (data processing officer) etc. Our current GDPR policy is good for sending as a summary in an email, like other companies are doing. But we should have a detailed page on our marketing website regarding this.

We should also see this checklist:

https://gdprchecklist.io/

Point 1.

We should also expose the list of third parties with whom we are intentionally or unintentionally sharing users' data. Paypal is doing a very good job in exposing the list of such third parties.

https://www.paypal.com/uk/webapps/mpp/ua/third-parties-list

Third parties we use may include Google Analytics, Lucky Orange, and other integrations. @dayemsiddiqui please make a list of these integrations and third-party tools so that we can also give such a list as a link.

Point 2.

We are getting two types of data. One belongs to page owners, i.e. admins, and the other belongs to their customers (followers or subscribers). So, we should create the policy in this way. We should ensure that subscriber data is in the complete control of admins, and we would later give admins the permission to delete the chat done with their own subscribers using KiboPush or to entirely remove any subscriber data. Another part of the policy should enforce (I am not sure if it is necessary) that admins attach a privacy policy to their Facebook page so that subscribers would know how admins are going to use their data.

Action Items: Let's open tasks after the discussion to let admins delete the data that they think should not be in our system, or have our system remove it when the data is not valid anymore or completely outdated.

Point 3.

We should clearly elaborate point by point how we are going to use the data we collect.

Action Item: @surendarkumar please elaborate this in the document.

Point 4.

We should be able to prove that we have user consent for using the data, i.e. we should use a EULA and let the user tick "I agree with the EULA" in order to give consent. Most websites and software have this.

Action Items: @dayemsiddiqui please open task for this task.

Point 5.

Let them know when and how we would produce the customer data if they request it. Also, if they request to delete the data, what our procedure would be.

Point 6.

We should have a list of FAQs similar to those Facebook or HotJar have:

https://www.facebook.com/business/gdpr

https://www.hotjar.com/legal/compliance/gdpr-commitment

Point 7.

Page admins' data is something coming to us directly, but subscribers' data is coming to us indirectly, i.e. subscribers think they are sending their information to that page only, but we receive that information. So we should see what ManyChat is doing in their GDPR document regarding subscribers' data.

Point 8.

We should clearly discuss the terminology, i.e. what is the meaning of "data processor", and are we a data processor or not? etc.

jekram commented 6 years ago

@sojharo Please open the separate tasks and link them under the "GDPR" milestone.

Please link them to this master task.

@surendarkumar Thanks for pointing to this very important topic.

sojharo commented 6 years ago

I have opened the required tasks here:

https://github.com/Cloudkibo/KiboPush/milestone/38

Points 3, 5, 7 and 8 should be done in the document that Surendar is writing. @surendarkumar please incorporate those points in the document. Review from my side is done for now. I will read further on the GDPR legalese, as it is a very vast document and I have only read 4 to 5 chapters so far.

I am removing the resolved label as there is some work and improvement that needs to be done on this document. We should carefully complete this document. Before marking it resolved we should have at least multiple reviews by multiple people.

sojharo commented 6 years ago

@surendarkumar please update if this is done.

surendarkumar commented 6 years ago

I have worked on the GDPR part 2. Below is the file. I have also uploaded it to our company's drive.

https://drive.google.com/file/d/1ojAEwdFf0pmIt5sEuOg4h2ulpvD33_w0/view?usp=sharing

@jekram @sojharo @dayemsiddiqui

jekram commented 6 years ago

What is the next step here?

surendarkumar commented 6 years ago

We have to put this on our website, so that users can see it.

jekram commented 6 years ago

What is the next step here?

dayemsiddiqui commented 6 years ago

I have published it on the website. This issue can be closed now. http://kibopush.com/gdpr-third-party-list/

jekram commented 6 years ago

Thanks