What is GDPR?
The General Data Protection Regulation, or GDPR, is a new European Union law took effect May 25, 2018. The GDPR gives persons in the EU greater control over their online data and adds new requirements for businesses that handle that data.
Does SUMO Scheduler comply with GDPR?
Does SUMO Scheduler allow clients to comply with GDPR?
Yes, SUMO has tools to allow customers to comply with the GDPR. For example, SUMO Administrators may read the “How to setup SUMO in a GDPR-compliant manner” article, which enables customers to collect explicit consent as required under the GDPR. This feature allows customers to display their own Terms and Conditions or Privacy Policies. SUMO also provides users with the tools necessary to delete client data upon request, or to provide customers with copies of their data, or to comply with a client’s data portability request. SUMO clients can query all appointment data relating to a particular appointment. Client data deletion requests can be made by emailing firstname.lastname@example.org and including in the request the names of all persons whose data should be deleted.
However, the determination of whether you’re impacted by the GDPR and what steps you must take to comply is ultimately up to you. This includes how you configure and use your SUMO account, the data you choose to collect from your customers, and other issues. Your company is ultimately responsible for upholding your obligations under the GDPR and SUMO Scheduler is not responsible for your lack of compliance or misuse of the software. More information on the GDPR can be found at www.EUGDPR.org.
How can my organization use SUMO Scheduler in a GDPR-compliant manner?
SUMO customers who are subject to the GDPR will need to make some changes to the way they use our system. Step-by-step instructions about how to use SUMO in a compliant manner can be found here. SUMO users are also responsible for upholding their obligations under our Terms of Service and Data Processing Addendum (DPA).