The Kalo App & GDPR

Ross Bruniges
Kalo Product & Engineering
May 24, 2018

On the 25th May the new EU General Data Protection Regulation (GDPR) will come into effect and lead to all EU-based companies taking a lot more care of, and being a lot more open with, what they’re doing with their customers’ data.

Here at Kalo we’ve been reflecting on everything we currently do and thinking about how GDPR is going to affect us. We wanted to share a little bit of insight into what we’ve done, are doing and are planning to do in order to be ready by the 25th May.

We’ll be updating our Terms of Service and Privacy Policy to reflect our compliance with the GDPR regulations. Learn more about what we’ve changed from a business perspective at https://kalohq.com/privacy

Email notification preferences

A lot of interesting things happen on the Kalo platform: freelancers being onboarded, work assigned and invoices getting paid. We want people to know about these sorts of actions, and currently our best approach to this is emails sent from the app to our clients. These are hopefully all things that our users should be excited to hear about, but in light of GDPR these are things that we should allow users to opt out of. This is functionality we’ve had in place for our client users for a while now, but we’re also adding it for our freelancers.

Just a couple of the notifications you can opt out of when updating your notification preferences.

Email marketing preferences

In addition to the things which happen inside of the application, we like to let users know about the new functionality we’ve been adding. Up to now this has been turned on by default for all users. From May 25th the GDPR states that all external communication unrelated to a user’s day-to-day interaction with the application should only be sent to users who have consented to receiving it.

Existing users now have the option to say yes/no to our marketing comms

We want to make sure that those emails only make their way out to the people who want them. For existing users we’re promoting this feature via an in-app banner and for new sign-ups we’re making marketing consent part of the initial sign-up process along with the option to change this at any time in our notifications preferences section.

Delete my account

When turning off email preferences isn’t quite enough for a user, we have to provide the ability for them to delete their account and have their data removed from our systems. And in light of GDPR, a delete really means delete, not keeping the data around and marking the user as inactive.

This has caused a few data integrity problems. A good example is that we create invoices for the work a freelancer has done, for their client to pay and store. If we remove all of the freelancer’s information, these invoices become invalid, so we’ve had to do some clever tricks to ensure we keep both our clients and freelancers covered with this feature.

Data/tooling audit and clean up

Thinking about the GDPR has provided us with an excellent opportunity to think about:

  • what information we hold about a freelancer
  • the tools we use to access that data
  • our process when it comes to debugging live site issues

This has been enlightening as it has provided the chance to do a little bit of a holistic analysis of the things that we do day to day, and to think about whether we could do things better. It has allowed us to take a look at the information we store about our customers, and in cases where we feel it’s no longer for us to keep, we’ve deleted it and won’t ask for it from new sign-ups anymore.

We’ve rolled the user-facing changes out over the past week, but we’ve been shipping the back-office and non-user-facing things for the past month.

Want to know anything else? Please drop us a line at gdpr@kalohq.com

Ross Bruniges
Kalo Product & Engineering

Engineering Manager @kalohq and father/husband. Beer enthusiast. Owner of epic shoes. Professional burrito stalker. Liable to (╯°□°)╯︵ ┻━┻