From 25 May 2018, the Personal Data Protection Act (Wbp) will be replaced by the General Data Protection Regulation (GDPR). Over the past year we have been preparing for this new law. The GDPR applies to all companies in Europe that process personal data. Examples of personal data are the addresses, telephone numbers or dates of birth of your customers. Under the new law, the people whose personal data you process receive more and stronger privacy rights. You will soon have to be transparent about the way in which you process personal data.
What can you do?
Sign the processing agreement
When you use appointment software you need a processing agreement. A processing agreement is required whenever you engage another party to process personal data on your behalf. We have already drawn up a processing agreement (in Dutch) that meets the requirements of the GDPR. If you use OnlineAfspraken.nl you will automatically receive an email inviting you to sign the agreement digitally.
Don't ask for more data than necessary
Document which customer data you process and why you need it. Draw up a privacy statement for this and make sure customers can find it. You will soon need a legal basis for every processing of personal data. Saving address data is necessary, for example, when customers want to receive a welcome package. If the data is not necessary for performing your agreement with the customer, you must have obtained the customer's consent before you may process it. It is therefore important to check which customer data you actually need and which you do not.
Work with a secure connection
We recommend that you use an SSL certificate for your own website. An SSL certificate protects the data exchanged between the server (your website) and the visitor's browser. You can recognize a website that uses one by the HTTPS at the start of the URL; browsers also mark such a connection as secure next to the address bar. If you are not yet using this, we recommend that you contact your website builder or media agency.
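To show what "working with a secure connection" looks like in practice, here is an added example of a web server configuration that enforces it; this is not configuration from OnlineAfspraken.nl, and it assumes your website runs on nginx. The hostname example.com and the certificate and web root paths are placeholders that you or your website builder would replace with your own.

```nginx
# Added example (not from the original page): redirect all plain HTTP to HTTPS
# and serve the site over TLS only. Hostnames and paths are placeholders.

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Every http:// request is answered with a permanent redirect to the
    # https:// version of the same URL, so no page is ever served unencrypted.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Certificate chain and private key issued for the site (placeholder paths).
    ssl_certificate     /etc/ssl/certs/example.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    # Only current protocol versions; TLS 1.0 and 1.1 are deprecated.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS: tell returning browsers to use HTTPS for this host for one year,
    # even when a visitor types http:// or follows an old http:// link.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root  /var/www/example.com;   # placeholder web root
    index index.html;
}
```

After applying such a configuration, a quick check is to open http://example.com in a browser and confirm that it lands on https://example.com with the padlock shown, which is exactly the behaviour the section above describes.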
Use passwords safely
Choose a strong, unique password to protect your data properly. Don't let your browser save your password when you're working on a public computer.
Safety and privacy
Our dedicated servers are hosted in an ISO 27001 certified data center located in the Netherlands. To test for the OWASP Top 10 security risks, we have independent agencies perform penetration tests on our software. For the secure exchange of data, we always force HTTPS connections. Our privacy statement has been prepared for the GDPR and can be consulted on our website.
New opt-in & opt-out function for newsletters
We have developed an opt-in and opt-out function. This is important when you send marketing-related emails to customers. See our support page for how to activate this feature.
On request we can add a function to your account with which you can delete all customer and appointment data up to a certain date in one go. This is not enabled by default, because the function permanently deletes data. If you want to use it, please contact us.
Do you want more information or do you have any questions? Do not hesitate to contact us.