The General Data Protection Regulation, or GDPR, is a regulation in EU law on data protection and privacy went into effect on May 25, 2018. The GDPR regulates how individuals and organizations may collect, use, and retain personal data, and addresses the export of personal data outside the EU.

This will outline some of the steps that Bandzoogle has already taken and some additional help.

Does the GDPR affect me? What is personal data?

GDPR applies to companies based in the EU as well as any organizations that process the personal data of EU citizens. We've been following these new regulations closely and we'll continue to add helpful tools.

Personal data is any information that is about a specific person. This can include names, addresses, e-mail addresses, or birthdates. It can also location and biometric data.

The rights included in GDPR are:

  • The right of access
  • The right to rectification
  • The right to erasure (right to be forgotten)
  • The right to data portability
  • The right to object

What is Bandzoogle up to?

Since this regulation was passed, we have

  • Updated our Terms and Privacy policies
  • Begun anonymizing IP addresses
  • Reviewed our products and services to determine what (if any) changes need to be made
  • Assigned a DPO officer
  • Made sure that when users can unsubscribe from your fan lists, their data is deleted
  • Added tools on all sign up forms that allow you to specify your intentions for the data
  • Added a source for your lists. If a user has been added to your list via an import or upload tool, you should refresh consent
  • Added a message to the mailing list confirmation message that outline how their data will be used. You can also add a message to your Mailing List Signup feature to note what type of communications you will send members

You can manage your account details from your Account settings, and your billing details from the Plan and Billing section. In the coming weeks we'll be adding more tools to help ensure a strong "people first" data privacy ethic.

How does Bandzoogle protect data of members and fans?

  • Our payment gateways for members and customers are PCI compliant at the highest level
  • We serve all pages over HTTPS/SSL secure protocol
  • Bandzoogle has implemented the right to be forgotten for our members
  • We use a hashing called Bcrypt to protect your password, so it can't be viewed by anyone

We collect and store the fan and member data. The Bandzoogle member is responsible for that data and manages it. The Bandzoogle member can sometimes have their own privacy policy.

When responding to a sign up form at Bandzoogle, fans may provide personal information or data. Please note that Bandzoogle is not responsible for the content of that form, so if a fan has any questions about a form on a Bandzoogle member's website, they should contact the Bandzoogle member directly.

Best Practices for Your Bandzoogle Website

We can't provide legal advice, but here are a few things you can implement on your website to move toward compliance.

  • Review your website to see what kind of personal data you collect. Do you have a mailing list signup form on your site? Have you used our mailing list feature in the past, and exported your members list to another provider?
  • Create a privacy policy. You can include things like what information you collect, who you share it with, why you collect that information, and anything else required by the GDPR. We've added a Terms field to the Footer section of user sites and you can learn about how to use that here. You can add this manually to any page as well, if you prefer.

Where can I learn more about this regulation?

The information above is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice, nor as a recommendation of any particular legal understanding.