FlippingBook's GDPR readiness

Introduction

With the General Data Protection Regulation (GDPR), which will be effective from May 25, 2018, the European Union has taken a great step in protecting the fundamental right to privacy for every EU resident. Simply put, EU residents will now have bigger say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with personal data of EU residents in any manner, irrespective of location, has obligations to protect said data. FlippingBook is well aware of its role in providing the right tools and processes to help its users and customers to meet the GDPR mandates.

FlippingBook’s Commitment

At FlippingBook, we respect our users’ right to data privacy and protection. We do not rely on advertising as a revenue stream. We have never served ads in publications to our users, and never will. We do not serve ads to paid or trial users. This means that we have no need to collect and process users’ personal information beyond what is required for the functioning of our products. We also recognize that the GDPR will help us move toward the highest standards of operations in protecting user data.

How is FlippingBook preparing for the GDPR?

With 35K+ users across 190 countries, FlippingBook is taking steps to be compliant with the GDPR once the regulation comes into effect. And as a data processor, we understand we must help our customers prepare for the regulation as well. We have thoroughly analyzed the GDPR requirements, and our company is going to meet them with the help of a dedicated internal team.

Some of our initiatives are:

  • Appointing a team responsible for the GDPR compliance. It is a team in charge of overseeing data management in our company. You can get in touch with them at privacy@flippingbook.com.

  • Coordinating with vendors. We are reviewing all our vendors, learning about their plans with regard to GDPR compliance, and arranging data processing agreements with them.

  • Enhancing data security. FlippingBook applications only work via HTTPS, so our users can be sure that their data collected by FlippingBook remains safe. All connections to FlippingBook are encrypted and authenticated through a strong security protocol.

  • Identifying personal data. Each FlippingBook application and website has a different level of personal data collection, usage, storage, and disposal. Defining the scope of personal data for each of these applications and websites and documenting the various data sources will allow us to provide a roadmap for compliance prior to the implementation.

  • Providing visibility and transparency. The key objective of the GDPR is to ensure that companies inform their users about the way their personal data is used. As a data processor, FlippingBook provides its customers (data controllers) with the ability to protect and manage their viewer’s data. FlippingBook is exploring ways to make product enhancements that will allow us to do just that without affecting performance rates.

  • Enhancing data integrity and security. Data privacy and data security are two sides of the same coin. As our customers strengthen their data security, FlippingBook would like to help. We’re implementing IT policies and procedures that provide better end-to-end security.

  • Portability and transferability of data. The GDPR gives users the right to receive all the data provided and processed by the data controller and/or transfer said data to another controller, depending on technical feasibility. With this new right in mind, FlippingBook is working on further enhancing its capabilities to enable data export at the individual level.

What does this mean for our customers?

We understand that meeting the GDPR requirements takes a lot of time and effort. And we want to make the process as easy as possible for you so that you don’t have to worry about compliance and can focus more on running your business.

To help you get your users’ consent, we are implementing several changes to our products:

  1. You will be able to add Cookie Notice banner to your publications with a link to FlippingBook Privacy Policy.

  2. Privacy Consent will be automatically added to the lead capture form in your publications.

Important note: FlippingBook has no direct relationship with your viewers. You are responsible for getting the appropriate permission to collect and process your viewer’s data through publications made with FlippingBook.

What should you do to prepare for the GDPR?

If you are just starting to implement with the GDPR compliance in your organization, here’s a quick to-do list:

  • Create a data privacy team to oversee the GDPR activities and raise awareness

  • Review current security and privacy processes in place and, where applicable, revise your contracts with third parties and customers to meet the requirements of the GDPR

  • Identify the Personally Identifiable Information (PII)/Personal data that is being collected

  • Analyze how this information is being processed, stored, retained, and deleted

  • Assess the third parties that you disclose the data to

  • Establish procedures to respond to data owners when they make inquiries

  • Establish & conduct Privacy Impact Assessment (PIA)

  • Create processes for notification activities in case of a data breach

  • Maintain employee awareness to ensure continual compliance with the GDPR.

Learn more about the GDPR

Please check the full text of the GDPR.

Was this article helpful?
;
drift chat