Like many of our customers and partners, we have been spending time over the last few months reviewing our systems and policies for the EU General Data Protection Regulation (GDPR). This law, which goes into effect May 25, 2018, governs how companies process the personal data of EU residents and establishes stronger protections for the ‘digital rights’ of an individual.
While Tettra is already in compliance with many parts of the regulation, we’ll be updating our policies and documentation over the next few weeks to explicitly address GDPR requirements. The changes we’re releasing fall into four categories:
- Product updates to give customers more granular and explicit control over what data is shared with Tettra
- Better documentation on existing tools for account export and deletion
- Updates to our Terms of Service
While GDPR applies specifically to our EU customers, we’re making these changes across our entire system, because we believe that all Tettra teams will benefit from the greater transparency and control over their data. You’ll find more information on what we’re planning in each of these four categories below.
We’re updating our sign-up flow to reduce the scope of data we request from your Slack account and make it clear what data/authorization we request from Slack and why. We have already moved some features that require additional Slack access to opt-in, and we plan to make more features that require Slack opt-in as well.
Clearer Documentation on Existing Tools
We recently added self-serve exports in the app, so you can download all of your Tettra content at any time, regardless of subscription status. We also already honor requests to delete all of your data from our systems. We will update our website with more details on how to submit a request and how we process those requests. We are actively working with our third-party service providers to be able to delete any personal data that is stored on their systems (for example, analytics and usage data tied to a specific Tettra user).
Terms of Service
We’ll be updating our Terms of Service, so customers retain more rights to their content on Tettra. We’ll also be adding a data breach policy, which will cover our commitment to notify our customers promptly if we become aware of any unauthorized access to their data.
We hope this post provides some clarity on our upcoming changes for GDPR, our ongoing work to keep your data protected, and helps your organization in your own efforts as you prepare for this important new regulation.
If you have any questions about GDPR, our work around security and privacy, or ideas on how we could improve in this regard, reach out at any time at firstname.lastname@example.org.