GDPR by Design

Your Data, Your Rights, Your Terms

General Data Protection Regulation, or GDPR, is a new regulation passed by the European Union that is being enforced as of May 25th, 2018. Financial penalties for failure to comply with the strict guidelines for data protection are extreme. A recent Gartner report states that by the end of 2018 more than 50% of the companies impacted by GDPR will not be in compliance with the requirements. These companies are taking chances with your data placing you and your customer's privacy at risk, and could be putting your company in jeopardy of receiving significant fines for each occurrence of non-compliance.

In addition to the financial penalties, companies identified as being non-compliant are publicly cited introducing the risk for long-term irreparable reputational damage. A noteworthy example is the data breach of TalkTalk; the European Commissioner's Office issued a $532,158 fine, even more damaging was the fact that TalkTalk lost over 100,000 customers. Think about it, how much would a non-compliant platform cost you?

Blueberry, Inc. is committed to providing our customers with highly secure, performant and dependable platforms where GDPR compliance is designed into the solution. Blueberry, Inc's GDPR compliance is readily producible and made available upon request of the regulating authorities.

We consider Blueberry, Inc. to be a Data Processor and a Data Controller for all of the personal information we collect; the information we collect is strictly used for the purpose of running our business and is never shared with any third parties. Simply put, Personal Data hosted on our platform, remains on our platform.

Web Design agencies using the BlueberryCMS platform are considered Data Controllers for all personal data collected by their company. In this capacity, Blueberry, Inc. serves as the Data Processor for any data we host on the BlueberryCMS platform. Web Design agencies gathering personal data outside of the BlueberryCMS platform may also be considered Data Processors and should seek guidance to ensure required controls are implemented.

Web Design Agency customers each operate as Data Controllers since they collect data and make business decisions on how the data is processed and used. The BlueberryCMS platform is hosted on the Amazon AWS platform which also makes Amazon a Data Processor. Amazon AWS has specific regions which are GDPR compliant and the BlueberryCMS platform is only hosted in these GDPR compliant environments.

As a Blueberry customer, you are assured:

• Blueberry, Inc. has an assigned Data Protection Officer, who is focused exclusively on data protection policies and monitors adherence to those policies.
• Every hour of every data, Blueberry, Inc. is ensuring the protection of your data so you can focus on growing your business.
• A comprehensive Data Map representing the flow of personal data across the entire platform.
• Lead generation is tracked according to source.
• Blueberry, Inc. Employees have platform access relevant to their role only.
• Your customer data is encrypted in-transit, at rest, and is not accessible by Blueberry, Inc. Employees.
• Compliance with an individual's "Right to be Forgotten".
• All transactions on the platform are logged for auditing purposes.
• Blueberry, Inc. has a data breach plan.
• Users are informed about the type of data collected and how it will be used.
• Users are presented with a clear, easy to understand, Privacy Policy.
• Sites include an 'opt-in' option for any form prompting users for personal information.
• If Cookies are used, users are notified about what is being collected and why.
• All BlueberryCMS hosted sites come with free SSL certificates to ensure encryption in-transit of all data.

Many companies have only focused upon the bare minimum changes to help them get up to speed with GDPR requirements. We've built BlueberryCMS from the ground up with GDPR compliance in mind. With BlueberryCMS, you don't have to gamble on a hosted solution or your customers' personal information!

Please visit the official GDPR site for information regarding compliance.

Updated September 12, 2018