GDPR III: How Usabilla Got Ready for GDPR
After GDPR comes into effect on May 25th, you can still gather valuable insights from your users. Usabilla provides customers with the necessary measures to collect GDPR-compliant feedback. We achieve this by investing time, effort and resources into getting our products and procedures ready for the new privacy rules.
In an interview, CEO Marc van Agteren and Product Owner Marilia Maioli shared Usabilla’s approach, principles, and actions to provide our customers with a GDPR-compliant Voice of Customer (VoC) solution.
How has Usabilla taken on GDPR, and what are the implications for Usabilla’s customers?
Marc van Agteren: “Privacy has always been at the top of our priority list. The new regulations bring challenges for companies, but they also encourage us to make our data processes even leaner.
GDPR forces everyone to think again about data. We ask questions like: ‘Do I really need my user’s location information? Am I stepping over their privacy by sending unsolicited emails?’ In a way, you could say GDPR is the ultimate customer-centric approach. You think twice about the privacy of your users and put their interest at the heart of your decisions. You would, for example, collect relevant information and nothing else, or only contact users for the right purposes.
Before GDPR, we already created features which aimed to protect our customers’ privacy. Things like masking options or handling screenshots were taken care of years ago. We always consider it our responsibility to create the safest journey within our product. In light of the introduction of GDPR, we have systemized our privacy practices. Our solution and the feedback-gathering activities of our customers are compliant with the new rules.”
Specifically, how does GDPR impact customer-feedback gathering? How do Usabilla’s product and values help companies deal with the new challenges?
Marc van Agteren: “First of all, although personal, an opinion is not considered privacy-sensitive information; just like mood scoring or how you rate a company with NPS scoring.
To be on the safe side, the first thing you need to determine is whether the information you collect is privacy-sensitive. In some cases, the combination of two pieces of information makes the data privacy-sensitive. Then you are still allowed to collect the data, providing you have a good reason. The second thing you need to think about is how long you store the data. If it doesn’t make sense to keep specific data for too long, then you need to adjust the retention period.
To protect our customers from collecting privacy-sensitive information inadvertently, we always opt for privacy-by-design. It means that by default our solution doesn’t enable storing privacy-sensitive data, such as personal bank information or contact details. This default setting actively protects our customers. It directly results from our long-standing commitment to the privacy of our customers and their users.”
What measures did you take to organize the implementation of GDPR?
Marilia Maioli: “At Usabilla, everything we do starts with our customers in mind. With GDPR it isn’t any different. We’ve made a thorough assessment of all the personal data we are collecting, and how it is being processed and stored. We have a dedicated team working on adjusting the product to provide our customers full control over the collection and retention of their users’ personal data. While it is important for us to become GDPR-compliant, we make sure our customers still have the best possible experience when it comes to managing their users’ data.
We take becoming GDPR-compliant as the first miles on a long road. We will continue to review, improve and make our processes straightforward, transparent and secure.”
How can you make sure that privacy is a top priority on the agenda, besides your regular activities for the product development?
Marilia Maioli: “Every time we look at a new functionality or review one of our existing processes, we consider not only the customer perspective but also that of the end-users. We believe that if we can help our customers build trust with their users and grow their businesses, we all can improve together.
The key is to see data privacy not as a differentiator, but as an absolute given. Within our solution, data is protected by default. We also help our customers identify the very few reasons why they would need to collect personal data. We implement transparent and respectful procedures of processing data. That way the data you collect is only accessible to the people who will act upon it and stored for as long as necessary.”
What are the changes in Usabilla’s solution to comply with GDPR? What is the biggest achievement behind the scenes?
Marilia Maioli: “With the new changes, location and IP address are not collected along with the user feedback by default. We provide several control options to enable our customers to let their users know which data is being collected and for what purpose. We’ve also improved our data deletion processes to be more transparent, and we are very proud to announce our new data retention feature. Usabilla customers can now specify a period after which old feedback data is automatically deleted. Your user data won’t lie around for longer than necessary, and you avoid the risk of breaking GDPR rules.”
What are the next big steps when it comes to privacy and security? Does the privacy conversation stop after GDPR?
Marc van Agteren: “Looking towards the future, I am excited and glad to say it doesn’t just stop after GDPR. Respecting and protecting the privacy of users in the digital space should be on every company’s top priority list. From our side, I can already tell you that we are continuously improving our procedures to make sure they meet the highest standards that our customers deserve.
Now keep calm and continue tuning in to the voice of your customers!”
If you would like to know whether you are collecting data in a GDPR-proof way, use our checklist to find out!
Read more about Usabilla’s commitment to the GDPR.