Specifying Legal Basis for processing data

This is a requirement under GDPR, but it does not seem to be covered in the Iubenda privacy notices - will this be added?

56 votes

    Anonymous shared this idea

    10 comments

      • JKat commented  · 

        My understanding is that "lawful basis" is chosen and documented on a per-contact basis. It doesn't belong in the privacy policy.

      • Exitus Elite Admin commented  · 

        Just found this statement on the length of data being stored.

        Retention policy - This field refers to how long data is being stored.

        The default option is “keeping the data for the time necessary to fulfill the purpose” and should apply to most cases. Otherwise, you can choose from a period of 1 up to 5 years.

      • Exitus Elite Admin commented  · 

        If they do not have the specific piece to accommodate the DPA then you will not be GDPR compliant come Friday... oh what to do...

      • Exitus Elite Admin commented  · 

        So glad I found this thread as I've spent the past hour trying to find that language. That is a HUGE piece of being GDPR compliant. Really the main focus is the data processing agreement (DPA) - I'm 50% sure the time frame is no more than 1 year as a standard.

      • hellobug commented  · 

        I also believe there needs to be a way to specify in detail for how long data will be stored... is there any way to add that "manually"?

      • DTC commented  · 

        I agree with this. We must state which lawful basis we are using, yet the GDPR element is so generic that it almost touches on all in my policy....

        How is everyone getting around this for now?

      • Danvers commented  · 

        I agree with this but would like to go further. For example, we have various contact forms on our site (including a "demo request") - since we are a B2B business, we would like to rely on legitimate interest / opt-out for further contacting those people for marketing reasons, beyond the initial demo, but short of writing our own text, there is no option for this.

        Looking forward to an update from Iubenda.

      • Anonymous commented  · 

        Thank you for the GDPR update! You could still further enhance the service by allowing the website owner to choose the legal basis of processing.

        Currently, the policy does not seem to fulfill the requirements of GDPR since it does not actually specify which legal basis is relied on. WP29 has stated: In addition to setting out the purposes of the processing for which the personal data is intended, the relevant legal basis relied upon under Article 6 or Article 9 must be specified.

        Listing all the possible legal bases under GDPR does not fulfill this requirement.

      • Sophie commented  · 

        I've asked the same question to Iubenda via a contact form. This is really bothering me. I promote Iubenda to clients on the basis of taking some of the pain of GDPR away but at the very least I expect the privacy policy to be compliant - which I don't believe it is currently.

      • Anonymous commented  · 

        This is still not included in the Iubenda privacy policies. You have stated in your email to users: "We can confirm that all of iubenda's current solutions will be fully GDPR ready by the end of April. The GDPR comes into effect on the 25th of May 2018." Currently it does not seem to be the case - can you confirm that you are working on this?
