As blogged about previously, we are overhauling how we work with your personal data on Assenty in view of upcoming legislation in the GDPR.
What is the GDPR?
The GDPR, or the EU General Data Protection Regulation, to give it its proper title, is a new piece of legislation around data protection that is currently in place but becomes enforceable after 25 May 2018. After this date, companies can be faced with sizeable fines if they are compliant with the current Data Protection Act 1998 (DPA), which the GDPR replaces, but are not compliant with the GDPR.
The fines go up to £17 million or 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.
The new legislation offers citizens a range of new rights with regards to data protection and privacy. Handling consent to use personal data is central to the GDPR and is a key difference between this regulation and the DPA that it replaces. I recently contributed a thought leader article on how the GDPR affects startups and small businesses on startup platform Startacus. It’s a good little read if you want to know more about how to prepare.
Under the GDPR, individuals have granular and ongoing control over use of their personal data. In Assenty’s case, this personal data is name and email address. In the light of this, we’ve had to reconsider how we handle user consent on Assenty: how we get it, and, all importantly, how the user has control over giving, and withdrawing it, a critical new stipulation under the new legislation.
What is Assenty?
Assenty is a social Q&A platform. It was designed to solve the problem of answering questions from an audience. Event organisers submit a few short details about their event at assenty.com to get a question board, a URL which anyone can post questions to, for free.
Every question posted is up for the public vote and event organisers can answer and reward questions in real-time. Questions can also be posted anonymously.
The question board can be sent to delegates ahead of the event, making the platform perfect for getting questions from Twitter for speakers on a panel, for example.
We’ve made some changes to the platform to bring things into compliance with the GDPR. These changes primarily affect how our email notifications work.
What’s New – Explicit granting of consent
Now, on Assenty, users have to explicitly grant us the consent needed to inform them via email notifications.
Previously, a user received emails from us once they logged into the system and interacted around question boards.
This was how we kept users up to date about questions and votes posted to question boards, or votes, answers or awards received by questions posted on the platform.
We now invite users to give us consent to email and keep them notified. If consent is not given, or withdrawn, *no* emails are ever sent.
The Dashboard is used to request this consent and it can be withdrawn at any time through the My Information page in the user account section.
What’s New – Enable and Disable email notifications
In addition, we’ve taken this opportunity to provide fine grained control over the sending and receiving of email notifications.
Now you can enable and disable email notifications, handy for moderators on busy question boards – limit how much email we send you about your question board!
The screen shots below illustrate the new features:
1. Requesting consent in the Dashboard
2. Consent given
3. New Consent Controls in your User Account
We hope you enjoy using the new features!
We’ll be introducing more new features to ensure our platform complies with the GDPR.
If you come across any problems let us know on Twitter (@assentyapp) or Facebook. We’d love to help.