The European Union’s General Data Protection Regulation (GDPR) will officially go into full effect on May 25, 2018. This and other upcoming privacy regulations will have a big impact on anyone holding or processing data. We here on the MatrixMaxx team take privacy seriously and are working to enhance our suite of reporting tools to meet the needs of GDPR and future regulations designed to keep all of our personal data secure.
The MatrixMaxx Stance: Privacy is a team effort
The MatrixMaxx AMS team takes Data privacy and security very seriously. (Our own info is in these databases, too!)
As a Data Processor, it is our responsibility to provide the necessary tools and expertise to support you – the Data Controller – in properly handling your Data and responding appropriately to user inquiries and requests. Together, we have a shared responsibility to keep the data that is entrusted to us safe and secure.
Our hosted databases hold the Data for you – our clients – the associations who are the data controllers. Your data is held on a secure MatrixMaxx server. We do not contact people in your implementation Data, or share your info with any other party except as required by law, or as you direct us. We access your Data for support and troubleshooting purposes, and that’s it.
Information and Resources to get you started
We have already released a variety of resources, including an upcoming webinar on Tuesday, May 22, 2018, to help ensure everyone is prepared for this new approach to thinking about data …
- Blog: What is GDPR and What Does it Mean for My Organization?
- Blog: What Do I Need to Do to Become GDPR Compliant?
- Blog: WordPress New Data Privacy Features
- Video: What is GDPR and How Will it Affect My Organization?
- Video: GDPR Compliance: How to Get Started
- Webinar (May 9, 2018) Recording: Matrix Group Webinar: The Road to GDPR Compliance – People, Process & Technology
- Webinar (May 22, 2018) Recording: 7 Things You Can Do Now to Comply with GDPR – Cookies, Privacy Policies, Communications, and More
- Revised Privacy Policy: We have already made some updates to the Matrix Privacy Policy, and will soon be doing more, including the addition of an in-depth cookie section
- Help Article: COMING SOON: How to best make use of MatrixMaxx and its tools for GDPR compliance
- New Tools and Reports: COMING IN THE JUNE 18.2 RELEASE, see more below …
The MatrixMaxx Response: Tools and Knowledge
We are currently assessing our modules and tools, and making a series of adjustments and upgrades to ensure we are providing appropriate functionality to support your compliance with upcoming privacy and security regulations.
- MatrixMaxx has documented all Cookies – both essential and non-essential – in use by MatrixMaxx, so that this information will be easily accessible to you as the Controller for use in your Privacy and Cookie policies.
- MatrixMaxx is supporting Requests for Information and Data Access by upgrading the existing Individual Participation engagement report to include additional information. This Personal Information Report will be attached to each individual in their intranet report section, and is designed to give staff the tools they need to respond to an official request for access to personal data.
- MatrixMaxx is supporting the Right to be Forgotten by creating a new Anonymizer function, as well as best practices and instructions for utilizing this new function, appropriately.
- For our clients who determine that some of their data processing activities fall under the basis of Consent (as opposed to other categories such as Contractual Obligation or Legitimate Interest), we are exploring tools in both the short and long terms to help support this.
- In the immediate term, MatrixMaxx is developing:
- The addition of an Individual Demographic ‘Consent Preferences’ that would be available generically on the Staff Intranet side of all MatrixMaxx implementations. (Any client who wishes for this field to be made available on the WWW-side create/edit profile flow should then contact Matrix Group. Some clients do not want or need this.)
- Ability for client staff to remove users from WWW-side displays …
- Associations can already exclude individuals from the WWW-side member directory. This is a generic individual demographic field in the MatrixMaxx AMS product. (During implementation, some clients opted NOT to make this field available on the WWW side, some have custom directories, and some asked us to remove this field altogether. If you are one of these clients and wish to revisit this setup, please contact Matrix Group for assistance.)
- Associations can already exclude individuals from the WWW-side committee rosters by tagging them as ‘silent’ members of the committee.
- MatrixMaxx is currently developing the ability for meetings staff to ‘Exclude from WWW-side Attendee Roster‘ at the registration level. This will allow staff to respond for individual requests to not be part of the roster.
- In the longer term, MatrixMaxx is exploring:
- A reconstruction of the WWW Individual Profile form, allowing consent to be a greater or lesser part, depending on the association
- Asking ‘Country’ as part of the minimum required fields for a new profile
- More self-service options for WWW-side display, including field-level controls for users
- In the immediate term, MatrixMaxx is developing:
Looking Ahead …
As GDPR comes into effect, and its grey areas become worked out, MatrixMaxx and the Matrix Group will stay on top of these clarifications and incorporate new functionality as required.