GDPR has been the hot topic for businesses worldwide for the last few years and the chances are it’s been taking up a lot of your time on the journey to compliance.
The new privacy law has raised a lot of questions and as well as ensuring that our business is compliant we’ve also been enhancing the features of Instiller to help our agencies and their thousands of clients.
What does it all mean?
If the GDPR is a new thing to you and you’re playing catch up have a read of this blog post of ours that gives a good overview of what it is and why it needs to be taken seriously.
Be quick though, 25th May 2018 is just around the corner!
It’s not all bad news
We’re fully supportive of what the GDPR represents because it means that, finally, everyone must take data protection seriously.
Assessing how your business is involved with personal data is a good thing and you will quickly start to see the benefits from taking the time to review all of your contracts and working practices.
When May 25th 2018 comes around data protection is your responsibility (it already is anyway), not someone else’s / a piece of software’s job, but don’t risk it and leave it until the last minute.
What you can do now
Below there’s more info about some of the things you can do right now and most of it is pretty straightforward so take some time to run through the info and just let us know if there’s anything you need.
Review your Instiller solution security settings
Being able to create an unlimited number of client accounts and logins offers brilliant flexibility but it can lead to potential security risks.
It’s time to review the client accounts you have setup, the people that have access to those accounts and your general security settings.
Client Accounts
When you find any accounts that you no longer need there’s an option to process a complete permanent deletion of all related data.
- Go to your Agency Team tab
- Click on the Client Accounts feature box just below the tabs
- Review the list of accounts (there’s a search and filter options too)
Agency Team Logins
Be sure to remove anyone that either doesn’t require access or is no longer working with your agency.
- Click on your name in the top bar
- Choose Solution Settings from the menu
- Click on the Agency Team option
- Review the details of everyone that has access
- Use the new permissions and roles feature to customise and secure access
- Delete any Agency Team Logins that are no longer required
Client Account Logins
There may be logins that you don’t recognise if your clients have the security permission to create their own logins. Work with them to ensure you’re not too brutal when it comes to deletion.
- Select the Client Account you want to review
- Click on your name in the top bar
- Choose Client Account Logins from the menu
- Review the details of everyone that has access
- Use the new permissions and roles feature to customise and secure access
- Delete any Client Account Logins that are no longer required
Security settings
Our recommendation is that you thoroughly test out any changes you make to the security policy to ensure they have the desired effect.
- Click on your name in the top bar
- Choose Solution Settings from the menu
- Click on the Security option
- Review the options available in each section
- Password Security Policy
- Log In Protection
- Trusted IP Addresses
- Login Roles
Control data storage and suppression
Storing data for an indefinite period of time is a really bad approach to risk and it’s much better to only store the data you need. It’s also better to store suppressed email addresses in encrypted format to reduce personal data storage further.
Data Retention settings
There are lots of different settings within the data retention policy and deletion is a permanent thing so please ensure you fully understand the implication of changes to any of the defined rules.
- Click on your name in the top bar
- Choose Solution Settings from the menu
- Click on the Data Retention option
- Review the options available in each section and hover over the help indicators for more info
Encrypt suppressions
Encrypting suppressions enables stopping people from receiving emails they no longer want or consent to whilst eliminating the risk of storing their personal data.
- Click on the Lists tab
- Choose Realtime Block List from the sidebar
- Click on the Anonymised Suppression page
- Import a list of email address that you want to permanently suppress
Review policies & terms
There’s privacy notice for anyone that access your Instiller solution and when data is created or modified within Instiller it requires a confirmation for acceptance of terms.
Take the time the read and fully understand the details of each of these policies and ensure the information that gets merged into them is accurate.
For reference, here’s a link to the Instiller Terms & Conditions that apply to your solution.
Privacy Notice review
This notice is for the people that use your Instiller solution. You will need to ensure that the privacy notices on other points of data capture, such as Forms, are compliant with the GDPR.
- Click on your name in the top bar
- Choose Solution Settings from the menu
- Click on the Policies option
- Update the contact details settings
- Read and review the merged policy
Terms of Use review
Again, for the people that use your Instiller solution and any other websites and apps where there is end-user interaction you will need to ensure you have your own terms in place.
- Click on your name in the top bar
- Choose Solution Settings from the menu
- Click on the Policies option
- Update the contact details settings
- Read and review the merged policy
Monitor data retention tasks
Reports are available at the Solution level and at a Client Account level and both provide detailed analysis of data storage, dormant data, downloads expiration and there’s a complete record of all associated clean-up tasks.
Agency Team and Client Accounts can be set to receive emails alerts about upcoming data retention cleanup tasks.
Solution level report
This report provides a view across all Client Accounts that are currently set-up. The analysis also includes dormant and suspended accounts.
- Click on the Agency Team tab
- Click on the Solution Reports feature box just below the tabs
- Choose Data Retention from the sidebar options
Client Account level report
Where unused and orphaned data is detected there are options to permanently delete if required.
- Select the Client Account you want to view
- Click on your name in the top bar
- Click on Account Reports in the menu
- Choose Data Retention from the sidebar options
Always use email authentication
A different side of security, but very important all the same, is to ensure that every email you send has a valid SPF and DKIM setup.
There’s just a few simple DNS records to implement these email authentication standards and it will help to protect the people you’re communicating with from receiving spoofed, forged and phishing attempt emails.
Custom sending domains
The Reputation Monitor feature lists all domains and if you want to check any specific domain on an ad-hoc basis go to the log in screen and click the Custom Domains link in the footer.
- Click on Reputation Monitor in the top bar
- Review the list of domains
- Look out for warning and error indicators
- Click on a domain for DNS record setup info
Make a start
The features of Instiller will help you while you’re working through ensuring your data protection practices are at the level they need to be and if you have questions and want to run them by us please send them to help@instiller.co.uk.
The help pages are a handy resource so if it’s more information you are after try entering a few keywords and search phrases like the ones below…
- GDPR
- Subject Access Request
- Right to Be Forgotten
- Consent
- Data Capture Best Practice
- Double Opt-in
- Privacy
- Personal Data
One last thing, here’s a link to a page that provides more information about our infrastructure, where we store data, how we manage backups and that type of thing.