SuperSaaS appointment scheduling and the new EU Data Protection law (GDPR)


On May 25th, 2018, the General Data Protection Regulation (or GDPR) will come into effect. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. SuperSaaS will be compliant with the GDPR when it becomes enforceable in 2018. If you use our appointment scheduling system to store personally identifiable data, you may need to take action to ensure compliance with the new law.

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive and is intended to harmonize data protection laws throughout the European Union.

The new legislation aims to improve security of personal information and harmonize legislation. New measures include:

What are your responsibilities as a SuperSaaS customer?

SuperSaaS’ customers will typically act as the data controller for any personal data contained in the appointment schedules or forms. SuperSaaS is a data processor and processes personal data on behalf of the data controller when you, or one of your end-users, is using SuperSaaS. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller.

Because your responsibility as a data controller depends on the type of information you store and its intended purpose, we cannot give specific guidelines here. In a general sense, data controllers are responsible for implementing appropriate technical and organizational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, purpose limitation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data. If you are a data controller, you can find guidance related to your responsibilities under GDPR by checking the website of your national data protection authority. You may also want to seek independent legal advice relating to your status and obligations under the GDPR specifically tailored to your situation.

These points may be helpful to SuperSaaS customers:

What is SuperSaaS doing to comply with the GDPR?

SuperSaaS is already compliant with the current EU Data Protection Directive that the GDPR will be replacing. We will be fully compliant with the additional requirements set forth in the GDPR when it takes effect in May 2018. A non-exhaustive list of actions we have already taken, or are in the process of implementing:

If you have questions regarding our working methods with the GDPR, please feel free to contact us.