Mono & GDPR
The Mono Platform provides all the functionality to make it easy and convenient for your SMB customers to comply with personal data privacy regulations.
Please note that Mono Solutions is not in a position to offer legal advice, and we therefore recommend that you consult your own legal counsel.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation aimed at strengthening the data protection of individuals (data subjects) within the EU. Its focus is to give more control and transparency to data subjects about what, how and when data is collected about them online. With the GDPR, data subjects have four main rights:
Who is who in GDPR
In handling personal data, each entity has a specific role. For more detailed information on each specific role, we recommend this article. In the context of Mono as the technology provider, the following roles apply:
When does it start?
The EU GDPR comes into effect on May 25, 2018.
How it affects SMBs
Across all EU member states, the regulation is intended to make it simpler for businesses to comply with personal data protection. It also means that all SMBs that serve EU citizens need to comply with GDPR. For example, if a small business outside of the EU offers its products or services to EU citizens, then it will need to comply with GDPR.
Who needs to take action
While the Mono Platform provides the functionality to ensure that websites built on it can easily comply with GDPR, it is ultimately up to your SMB clients to ensure that their business is compliant. But of course, there are some steps that can help them along the way.
From a platform perspective
With Mono CRM, your SMB clients can store data on customers and prospects (data subjects) in one place. Managed centrally, CRM helps SMBs get a better overview of the personal data they have on any given individual. Mono CRM also features clear permission settings that display whether a user is registered to receive email campaigns, and whether a user has access to password-protected areas.
With a dedicated system in place to store and manage data, SMBs can more easily understand what information they’ve collected from their website visitors (data subjects), and establish clear processes on how to manage their collected data.
In most countries, business owners are required to keep transactional data (order data) for at least five years. We will be adding functionality to make it easy for your SMB clients to adjust this and delete the data after a specific amount of time, as specified in their country's regulation.
Note that payment information (e.g. credit card details) is not stored on the Mono platform. We recommend you engage directly with the payment gateways you use to understand their compliance in relation to GDPR.
Other cookies used within the platform are based on sessions and are necessary in order to carry out and support basic website functions such as login, form submissions and maps. Just as with analytics, these cookies are not personally identifiable and only session-based. In short, the cookies the Mono Platform uses do not affect an SMB’s ability to comply with GDPR. As a reminder, Mono does not take any responsibility for third-party code or applications added to a website.
Given all of this, Mono does not recommend that our partners take a one-size-fits-all approach to updating SMBs’ legal texts regarding the collection and use of data. Legally, Mono has been advised not to support this action on behalf of our partners, so requests to update privacy or legal texts en masse are not possible.
Mono Solutions is committed to operating within legal requirements on all levels. From a technology standpoint, we are focused on ensuring that personal data management is as straightforward, simple and convenient as possible for your SMB customers (data controller). On an organizational level, Mono Solutions is undertaking all necessary measures to ensure full corporate compliance, including but not limited to:
Mono Solutions does not share personal data with third parties beyond what is needed to provide our core platform and services (e.g. the provisioning of domains).