Compliance with General Data Protection Regulations (GDPR)
Author Message
Daniel Nierenz

Posted: May 10, 2018
Score: 0 Reference
Is it possible to use Toodledo under the premises of the GDPR of the European Union, and do you provide GDPR related assurances? Being a lawyer, it would be a compliance issue to continue to use Toodledo without such assurances.
Jake

Toodledo Founder
Posted: May 10, 2018
Score: 0 Reference
We don't secretly collect personal information about our users, our emails are opt-in, and you can delete your data from Toodledo whenever you want. These are the main parts of GDPR as far as I understand it, so we were already in compliance.
frenil75

Posted: May 27, 2018
Score: 0 Reference
Good question Daniel.

@Jake:
The main thing with GDPR is whether you have personal information in your todos or not.

I'm allowed to say "make phonecall" but I'm not allowed to have "Make phonecall to Jake Lastname +1PHONENO".
Which makes it hard to know to whom the phonecall was supposed to.

And also one issue is where the servers are located.
Found some older info: "The official clock is the Toodledo web server located in the US Eastern timezone." The servers are in the U.S.?
If so, you should comply with the Privacy Shield: https://www.privacyshield.gov/
Olivir2018

Posted: May 28, 2018
Score: 0 Reference
As I understand it, then when you enter someone's name in a task/note/whatever for your eyes only, then it is out of scope of GDPR, especially because this is an ad hoc use, not systematic collecting.

What Toodledo should do to protect the data is another question. Also, it's not only about doing things to protect the data, but also letting users know about it in simple enough vocabulary and syntax...;-)
ernst.zoeschg_1299615250

Posted: May 29, 2018
Score: 0 Reference
Posted by Jake:
We don't secretly collect personal information about our users, our emails are opt-in, and you can delete your data from Toodledo whenever you want. These are the main parts of GDPR as far as I understand it, so we were already in compliance.


@Jake: that's definitely not enough (for us in the EU). We are definitely not allowed to use Toodledo anymore if we have phone numbers and names or an e-mail address in Toodledo to contact someone.

You should (from our view you must) indeed comply with the Privacy Shield: https://www.privacyshield.gov/
Jake

Toodledo Founder
Posted: May 29, 2018
Score: 0 Reference
I will look into it with our lawyer. Thanks for the additional information.
ernst.zoeschg_1299615250

Posted: May 29, 2018
Score: 0 Reference
FYI... an example: WhatsApp will be absolutely banned from all phones that are also used in business. Would be a mess for us concerning Toodledo.
Olivir2018

Posted: May 30, 2018
Score: 0 Reference
Posted by ernst.zoeschg_1299615250:
@Jake: that's definitely not enough (for us in the EU). We are definitely not allowed to use Toodledo anymore if we have phone numbers and names or an e-mail address in Toodledo to contact someone.

I know this is not a solution for you - but for myself, I have rather decided not to use personal information, than to leave Toodledo. Granted, I don't have tasks like "call ..." @phone, or "e-mail ...".
Daniel Nierenz

Posted: May 31, 2018
Score: 0 Reference
@Jake
Thank you for your reply. In order to get along with the compliance rules, I must assure that no one has access to my data, otherwise I must not note anything like "visit client Miller at 1 The Square, Glasgow", or "phone client Doe at +01 1234556", which would restrict the use of Toodledo on private matters rather than business matters. Is there an end-to-end encryption available?
Jake

Toodledo Founder
Posted: May 31, 2018
Score: 0 Reference
Toodledo enforces SSL connections so your data is encrypted in transit to and from the website.
maphiwe

Posted: Jul 07, 2018
Score: 0 Reference
End-to-end would mean encryption of the data in the database as well as in transit. Actually, it would be best if the encryption would be client-side, so that only the user can ever read the data.