FlexBooker has always believed in giving you control over your own customers' data, including the ability to export it as needed. However, the new GDPR changes have some very specific requirements, so we have created some special tools to help you with compliance.
To start with, let's cover the background...
What is GDPR?
GDPR stands for the General Data Protection Regulation. It is a new law that came into effect on the 25th of May, 2018, and has lots of implications for how customer data is stored, transferred, and managed.
Here's a link to the full text of the regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679
And a helpful summary, here: https://eur-lex.europa.eu/legal-content/EN/LSU/?uri=celex:32016R0679
How does this affect my clients' data in FlexBooker?
For your clients' data in FlexBooker, the requirements break down as follows:
- Allow your customers' PII (Personally Identifiable Information) to be completely removed from the system at their request.
- Give you, our merchants, the ability to set a custom data retention period, after which we automatically remove your customers' PII.
How do we apply these requirements in FlexBooker?
- If you have enabled Data Retention Management in your FlexBooker settings, then whenever you delete a customer from the Customers tab, we will immediately remove all their PII from our databases and scrub logs, so that no record of their PII exists any more.
- We now have a settings area where you can enable Data Retention Management and decide exactly how long we keep a guest's information in your account's data once it is no longer needed. This retention period can be set to any number of days (e.g. 365 for a year), and we will automatically remove all of a guest's PII once that many days have passed since their last appointment with you.
Should I care if I'm not in the EU?
The GDPR applies to all EU citizens, even when they're travelling abroad. Our suggestion is that everyone take advantage of the tools we provide to enable compliance with the GDPR, even outside of the EU.