GDPR (General Data Protection Regulation) is effective today May 25, 2018. We are doing our best to comply with the GDPR as soon as we can. This post explains what have we done, what are we doing, and how this affects you as user of DoLeague.
We will keep updating this post when we finish other tasks or if we have more information to share.
Hay una versión en Español de este artículo aquí: Versión en Español.
What is DoLeague doing about the GDPR?
Because DoLeague was based in the UK, and before this in Spain, we have been compliance with all the rules before GDPR.
Even with that, we wanted to take a step back and we have audit our whole organization to ensure that we do not have any issues on the process.
This audit includes:
- Review all the data we are processing and make sure that we have the legal base to handle it.
- Review all the process to make sure we do not get more data that we need, and that we keep the process secure.
- Make sure that the users are informed of everything that happens at DoLeague.
We have been always consider that privacy is key for any relationship between users and apps. It is an important thing for us and we are using this opportunity to improve on this aspect.
What is DoLeague doing to be GDPR Compliant?
We are not just doing this because we need to be compliant, we are using this opportunity to review all our system and make sure that Privacy by Design is incorporated into our core, not only because we need to, but because we want to.
So we are not going to stop on the limits of the law, we want to make sure that even if we could keep some data, if we are not going to use it, we won´t collect it on the first place.
With this in mind, these are the changes we are doing (and their status as 25th of May):
- Audit all our processes and data to understand the data flow (Done).
- Find out where we are failing on terms of data, process, security or information (Done).
- Make sure we are covering all the data subject rights so everyone can enforce them anytime. (Done)
- Check all the third party we use and make sure that all of them comply with GDPR. If they do not, find another partner that does. (Under Process).
- Develop a plan to fix anything that needs to be fixed. (Done)
With that plan in mind, we are working on these areas:
- Ask all our users to update their consent for their email updates notification. (Done).
- Make sure we include an optin option for the newsletter when you sign to doleague.com. Meanwhile, we are not sending any new emails to anyone that has not opted in. (Under Process).
- Modify the way the organisers add people data to their tournaments. They need to make sure they comply with GDPR and we will use a double optin to make sure that they want to join DoLeague. (Under Process).
- Creating a new email and platform to manage all the privacy requests in time. (Under Process).
- Removing all extra data that we collect and do not use so we minimize the risk. (Under Process).
- Changing the way we activate the accounts to they are more secure. (Under Process).
- Full encode some data that we need to keep for legal reasons so they do not increase the risk for our users. (Under Process)
- Make sure we incorporate the Privacy by Design on our future developments. (Under Process)
- Create new internal documents that explain how we handle any privacy request. (Under Process)
- Create a new security document with all the changes. (Under Process)
What do you need to do as an user of DoLeague?
You do not need to do anything, but there are things you could do:
- You should have received an email about the email notifications about updates. You can confirm if you want to keep receiving those emails or not.
- You can review your notifications from your accounts settings within the app.
- If you want your data removed you just need to go into your account settings and delete your account.
- You can always contact us at help.doleague.com for anything you need related to doleague.com
We know we are a little late on some areas, but we are doing our best with the resources we have. Please contact us if you have any question related to this process or your data.