myQuest & the EU GDPR: We’ve Got You Covered!

Posted on
May 24, 2018
by
Billy Mike
from myQuest

We have updated the terms of our Privacy Notice in order to give you full transparency about what data we collect, how we use that data, and what steps you can take in order to control how your data is used. You can view the updated notice here. Our Privacy Notice will be clearly accessible at all times to all of our users and we will notify you of any material changes by posting an updated Privacy Notice on our website. Two important things As a Quest creator: a: As a myQuest mentor, since we don’t have direct access to your users, we would recommend you to update them about the new privacy policy and actions that we took. b: You can also create your own privacy policy and terms of use for your users, specifying how will you handle the data that we provide you. If you like to do so, please share with us the relevant docs and we’ll update those for your users. For your convenience we can also provide you with a template for you to use if you choose to do so. (please keep in mind we still recommend consulting your own attorney about this).We ensure that we only collect data that is necessary in order to provide you with services or in respect of which we have a legitimate interest. In the same vein, data provided will only be retained for as long as necessary. We are instituting agreements with any parties that process your data on our behalf in order to help us provide you with the services in order to ensure that your data will be handled in accordance with the GDPR’s requirements. We are implementing appropriate technical and organizational measures in order to keep your personal data secure. We enhanced the security of the platform and hired a third party security expert vendor to find all security breach and rectify those. On a corporate level, the myQuest Board of Directors approved the Company’s efforts toward compliance with the GDPR. We appointed a Data Protection Officer (DPO) – as part of the analysis of requirements under the GDPR Attention, Attention! On May 25th, 2018, The EU General Data Protection Regulation (GDPR) will be in full effect.

So, What is GDPR?

EU privacy legislation will provide guidelines to improve data protection across EU users. As a result, it will directly impact the way businesses collect, use and protect personal data in the EU.

If You are in the EU or have clients in the EU, Does This Apply to You?

The GDPR applies to any organization established in the EU and any organization that processes, manages, analyzes or stores personal data of EU residents. As always, consult with your legal counsel.

What are some examples of Personal Data?

Any information relating to a person: names, email addresses, billing information, passwords, or IP addresses.

What exactly does being compliant with the GDPR mean?

When it comes to the security, compliance and data protection, the GDPR adds another layer of building accountability and trust between your clients.

Are there Requirements that the GDPR has implemented?

Yes. These requirements range from, but are not limited to:

  • ‍Data Processing which includes data processing agreements, controllers & processors, data protection officers.
  • Consent where a organizations have an obligation to be transparent and present information around data processing
  • Individual Rights that relate to any personal data, right of access, right to be forgotten, right to object.

As always, consult with your legal counsel.

What the GDPR Means for Quest writers and mentors

The scope of the GDPR is very broad. Not only does it affect all organizations established in the EU; it also applies to any organizations involved in processing the personal data of EU citizens, no matter where they’re located, across industries and sectors.

As a quest mentor, you may be wondering if you need to comply with this new regulation. As with any legal matter, we suggest consulting with legal and other professional counsel regarding your compliance obligations.

However, as a rule, if you process any personal data of EU residents—even just collecting or storing their names and email addresses—the GDPR will apply to you.

The GDPR’s main impact on myQuest Quest mentors and their students has to do with:

  • ‍Processing data requests (“right to be forgotten” and “right of access”)
  • Freely given consent to send information via email
  • Handling data sent to third-party services (sub processors)

It’s important to note that while we’re creating tools to help you be more compliant, there are still responsibilities you have to take on. That’s why we always recommend seeking your own legal counsel.

How can you prepare for the EU GDPR?

If you are processing the personal data of European Union residents, then the EU GDPR may apply to you. While myQuest is unable to provide legal advice, we encourage quest mentors to take further steps to determine whether or not you’ll need to prepare for the GDPR. You may wish to:

  • ‍Consult a legal professional regarding the GDPR requirements and how they affect your school’s Terms of Use and Privacy Policy
  • Familiarize yourself with the requirements of the GDPR
  • Review your sub-processors to determine if they are compliant with the new regulation
  • Set up email unsubscription automations using either webhooks or the Zapier unsubscribe trigger

Steps myQuest took to comply with GDPR

  1. We have updated the terms of our Privacy Notice in order to give you full transparency about what data we collect, how we use that data, and what steps you can take in order to control how your data is used. You can view the updated notice here. Our Privacy Notice will be clearly accessible at all times to all of our users and we will notify you of any material changes by posting an updated Privacy Notice on our website.

    Two important things As a Quest creator

    a: As a myQuest mentor, since we don’t have direct access to your users, we would recommend you to update them about the new privacy policy and actions that we took. b: You can also create your own privacy policy and terms of use for your users, specifying how will you handle the data that we provide you. If you like to do so, please share with us the relevant docs and we’ll update those for your users. For your convenience, we can also provide you with a template for you to use if you choose to do so. (please keep in mind we still recommend consulting your own attorney about this).

  2. We ensure that we only collect data that is necessary in order to provide you with services or in respect of which we have a legitimate interest. In the same vein, data provided will only be retained for as long as necessary.
  3. We are instituting agreements with any parties that process your data on our behalf in order to help us provide you with the services in order to ensure that your data will be handled in accordance with the GDPR’s requirements.
  4. We are implementing appropriate technical and organizational measures in order to keep your personal data secure.
  5. We enhanced the security of the platform and hired a third party security expert vendor to find all security breach and rectify those.
  6. On a corporate level, the myQuest Board of Directors approved the Company’s efforts toward compliance with the GDPR.
  7. We appointed a Data Protection Officer (DPO) – as part of the analysis of requirements under the GDPR

Additional Resources

For more information about the EU GDPR, see here:

For more information about myQuests current terms and policies, see here:

Recent Articles

Back to Blog