Updated response available: September 2019
If you’re reading this article, you’re likely aware of the upcoming General Data Protection Regulation (GDPR), which is rolling out from 25 May 2018. Replacing the Data Protection Directive 95/46/EC, the GDPR legislation must be followed by every organisation that processes personal data of European Union citizens.
Mentoring relationships can be life-changing, magical, deeply personal, and we believe they’re also private and confidential. This belief has informed how we’ve designed the Mentorloop platform, and is why we’ve always been committed to the Australian Privacy Act. As we grow, and more and more of our users are accessing mentoring relationships from all over the world, we’re expanding this compliance to take into account additional local legislation.
Luckily they all have many things in common with the Australian Privacy Act, such as:
- Considering privacy from first principles of our product design
- Demonstrating compliance with the Australian Privacy Principles
- Never collecting data from our users without transparently disclosing how it will be used
- Mentorloop is an opt-in platform, users explicitly provide consent for Mentorloop to use the data that they provide us to match them in relationships, and provide a better mentoring experience.
So we’re working on the following:
- Transparent Data Processing – clients who have asked us have been told how and where we store user data, but we’re now getting on the front foot to make this clear to all new and existing Mentorloop clients.
- Right to be forgotten – this has never been something we’ve denied users, but there also hasn’t been a clear process around it, so we’ll be changing that.
- Support in the form of help and tooltips for admin users who manage mentoring programs – to help them make good privacy decisions when accessing their user data.
- Helping clients and users understand how we work with 3rd parties (e.g. Sendgrid, Intercom) to help deliver our service, including confirmation that those 3rd parties are GDPR compliant.
Our commitment to privacy best practice is ongoing and will continue to develop beyond the 25 May 2018 GDPR rollout, but this “deadline” has given us a chance to speak to our clients in more detail about how we process user data, and their expectations for same.
We look forward to continuing to make life-changing mentoring relationships happen globally, while respecting and protecting the privacy of our users.
Any questions on the above, please email firstname.lastname@example.org.