It’s the 25th of May, GDPR is officially here and thus it’s time for a Teebly GDPR update. But not one of those asking you whether you’d like to re-opt in, “stay in touch” or “review our privacy statement”. Rather, we want to give you a look under our hood to illustrate how we handle consent management, data transfer and deletion requests at Teebly. We’ll also highlight some of our features to show how we make data sharing and consent next-level transparent for the companies and consumers using our platform to interact with each other.
Like other B2B2C companies, Teebly plays two roles: that of data processor as well as data controller. To illustrate, our product is a smart communications platform facilitating fast and secure interactions between high-trust companies and their customers. Hence we have to think for both our customers (companies) and their clients (consumers) when it comes to GDPR compliance. But as they’re all people in the end, ease of use and security-by-design are priorities.
Here’s how we do it.
It all starts the first time a client uses Teebly (a client is the ‘C’ in B2B2C — basically, our customers’ client, or end-user). We assume that he or she has never heard of us before, so we treat this opportunity not just as a marketing touch-point but mostly as a chance to build the foundation for a trusting relationship. Towards us, and towards the companies that invited them to communicate via Teebly.
After our users have filled in the basics, we explain what data is visible to the company they connect with on Teebly. They can fully control their data input and consent at this point and in the future via their privacy centre. We realise that this is not super revolutionary in itself, but at the same time see that very few companies actually offer this level of control. So, worth a mention.
In this same consent centre, we also give companies the chance to get additional opt-ins for sharing data with third parties, profiling or for newsletters via email. In a future release, companies can also list where data will be stored outside of Teebly, so that with one quick simple step their clients can start their digital communications-relationship fully informed whilst managing their consent at will.
More than just a marketing opportunity, opt-ins are about building a foundation of trust.
People just want to understand what data a company collects and what it’s going to do with it — at any time. That’s why we made those settings super simple and accessible in our privacy centre. And since one person can use Teebly to interact with multiple companies, we thought one overview to rule them all would be useful.
Users can now, at any time, opt-in or out like a 👑. In the background, Teebly notifies the company so they can take action accordingly (in their internal processes, that is).
For their privacy policies and T&Cs, companies can either pick and choose from our pre-defined, most common policy types or define and link their own. In the future, companies will also be able to add webhooks to, for example, their newsletter system to revoke/unsubscribe people directly.
GDPR is meant to give consumers control over their data, and companies an opportunity to build trust. One way to facilitate this is that consumers can request to see all the data a company holds on them, and get it transferred or deleted. At any time. The company has to adhere within 30 days.
In the past, companies could charge up to £50 (in the UK) to handle such requests. GDPR dictates that all these requests now need to be fulfilled free of charge. So, companies with automated or semi-automated solutions and processes have a clear advantage, as they save time on every request. But at the basis of such solutions is a solid data inventory system. For clarification: a data inventory is an exact overview of what data is held on which client and where. A solid data inventory is one that is complete and leaves no room for error. Having one in place makes dealing with a transfer/deletion request a lot faster.
Unfortunately, in most companies “things” (data) are scattered across a dozen systems. Read about it in our previous blog. But even if companies do have their data organised in a central place, data transfer/deletion requests can be complicated. We learned that many consumers don’t simply want all data exported/deleted; they want to pick and choose. Now, if you had to process that manually for each request, the time waste would be considerable.
So on our quest to limit time waste, we spoke to many consumers and companies to understand how we could design the best possible interface. For the consumer, it should be as easy as hitting enter, not hopping through privacy policies, emailing back and forth and getting lost in translation. Hence, as stated above, we first thought that simply giving our users the option to (request to) delete everything would be good enough. But things are never that straightforward, are they? As talks went on, we collected more and more edge cases; so many, in fact, that they became normality.
Some voices we heard from consumers:
Businesses also had their requests:
The above examples show the variety of use-cases we, and every company, have to design for. We realised that if we really wanted this to be good, we’d have to build in a high level of granularity, whilst keeping things simple. We believe we came up with quite an ingenious solution.
As happens very often, we found inspiration in our past. More specifically, in the days when we built Management Information Systems (MIS) for enterprises, which allowed decision makers to slice-and-dice through heaps of information, extract some of it, build subqueries and delete sub-sets from bigger sets. See where we’re going with that?
So for once, enterprise inspires startup - kind of. But well, it ain’t stupid if it works, is what our uncle used to say. 🧐
So this is what we built:
When requesting a data transfer, Teebly users can filter by the company they interacted with, the type of information exchanged, date ranges and other specifics.
The deletion process works the same, with the slight difference that we notify the company about the deletion request and ask them to confirm that they have deleted the respective data on their end. They are also asked to select which of the documents and messages are required to be archived by law. We’ll explain a bit more in detail how we handle PII deletion in another post in the future.
In conclusion, the Teebly platform now includes a simple, hassle-free and (almost) fully automated solution for clients to manage their data. It covers the new regulations’ right of information, right to be forgotten, transfer of data and consent management. Uncomplicated and straightforward for companies and their clients, as it should be in the 21st century. If you’d like to see more of where that came from, go to teebly.co. We also give demos!
We’d ❤️ to hear what you think about this. We’re always looking to learn and improve, and are curious what your experiences are with designing for GDPR. What are you facing when it comes to interface and data structure design, and how did you implement the use cases mentioned? Find us in the comments or via teebly.co — we’re always up for a good discussion.
Thanks for reading!
The Teebly Team.
P.S. If you know someone who would benefit from reading this, please do forward!