Have some questions about GDPR and Book Like a Boss? Read below to find out everything you need to know.

1. What is the GDPR?

Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), is European privacy legislation that takes effect May 25, 2018. It will replace the existing EU member state laws that implement the EU Data Protection Directive, which has been in existence since 1995.

2. Is the GDPR applicable to Book Like A Boss?

Book Like A Boss is covered by the GDPR in situations where Book Like A Boss processes personal data of Book Like A Boss customers, including but not limited to customer end users, if those individuals are located in the EU.

3. Is Book Like A Boss a Data Controller or a Data Processor?

Book Like A Boss may operate as either a Data Controller or Data Processor depending on the circumstances.

With respect to the personal data of its customers, Book Like A Boss generally is a Data Processor and Book Like A Boss’ customer is the Data Controller. The Book Like A Boss customer, the Data Controller, determines the purposes and means of the processing of personal data. Specifically, Book Like A Boss customer decides what personal data to share with Book Like A Boss in order for Book Like A Boss to provide the customer with robust risk score information, certain licensed data, the ability to flag potentially fraudulent activity, and other services as purchased by the customer. In these situations, Book Like A Boss, as the Data Processor, processes personal data on behalf of the Book Like A Boss customer Data Controller at that company’s direction.

Book Like A Boss also operates as a Data Controller with respect to certain of its services and/or databases. When Book Like A Boss combines personal data from different customers, like many kinds of analytics services, it may do this both as a Data Processor at its customers’ instruction and as a Data Controller itself for the purpose of providing services to all of its customers. For example, Book Like A Boss may process and aggregate some of the personal data that a customer shares with Book Like A Boss in order to make that personal data part of another database for one or more other services provided to Book Like A Boss customers. The personal data shared may be combined with personal data elements chosen and provided by other customers.

4. How does Book Like A Boss handle data subject requests to exercise their rights under the GDPR?

Where Book Like A Boss operates as a Data Processor, Book Like A Boss will notify its customer if Book Like A Boss receives a request from a data subject to exercise the data subject’s right of access, right to rectification, restriction of processing, erasure (“right to be forgotten”), data portability, objection to processing, or right not to be subject to automated individual decision making (“Data Subject Request”). Book Like A Boss will also assist its customer in responding to a Data Subject Request, where legally required and permissible. Book Like A Boss’ customer is responsible for any costs arising from Book Like A Boss’ assistance with Data Subject Requests.

Where Book Like A Boss operates as a Controller, the data subject may contact Book Like A Boss directly to exercise their Data Subject Request. Further information is set forth in Book Like A Boss’ privacy policy.

5. Where can I find more information about Book Like A Boss’ privacy practices?

In Book Like A Boss’ privacy policy, available here. The Policy will be updated before May 25, 2018, to include additional provisions relevant to the GDPR.

6. How may I execute a Data Processing Addendum with Book Like A Boss?

Customers who have agreed to our online End User License Agreement (EULA) do not need to execute a separate Data Processing Addendum. The online EULA contains GDPR provisions.

Customers who have offline contracts (i.e., non-EULA) may execute a Data Processing Addendum with Book Like A Boss. Click here for a copy of our DPA.

To see a video tutorial about how to remove and redact client info please click below.