Digioh supports turnkey compliance with GDPR, CCPA, and ADA regulations.
The European Union (EU) instituted the General Data Protection Regulation (GDPR) in May 2018. This privacy law applies to any business that uses or stores the personal data of EU citizens, even if the business itself is located outside the EU. The GDPR imposes new regulations that can affect the users of Digioh clients. The California Consumer Privacy Act (CCPA) is a set of broadly similar regulations that apply to residents of California. The Americans with Disabilities Act (ADA) is a US law that prohibits discrimination by businesses on the basis of disability, meaning, for example, that websites must be accessible to the visually impaired.
Key points:
- Digioh supports easy affirmative opt-in compliance with required checkboxes, disclosure text, and links to your Privacy Policy.
- All opt-ins collected via Digioh are already handled in a GDPR- and CCPA-compliant manner. We collect all necessary data on submission, including the timestamp and IP address. This information is available in the analytics section of your account.
- Digioh can optionally obfuscate data to remove PII on our servers, or entirely bypass data storage on our servers, sending only to your back-end system and meaning that Digioh is not a “sub-processor” for your user data.
- GDPR focuses on the storage, use, transmission, and deletion of the personal information of EU citizens.
- GDPR requires that EU citizens take an action to consent to the use of their personal information.
- Upon request, GDPR and CCPA require you to be ready and able to provide or delete any data on a given user in a timely manner. You can easily delete any data on a given user; just follow our instructions here.
- Digioh is SOC 2 Type II Certified. Report available upon request.
- Digioh supports SSO with your existing identity provider using the secure OpenID Connect protocol. All major identity providers are supported and we can provide custom integrations where necessary.
How Digioh Helps You Achieve GDPR & CCPA Compliance
Digioh forms require that visitors to your site enter their information and click a button to submit it. The intentional act of entering their email address and submitting the form is considered an explicit opt-in action in most countries and states, but for the EU, UK, and California you must also provide an unchecked checkbox for affirmative opt-in and a link to your privacy policy. Digioh allows you to easily configure compliant forms and target them to specific geographies.
We store permissions data for each submission as soon as the form is submitted. This includes the timestamp and IP address for each submission.
If a user reaches out to request that you provide or delete the data you have on them, we make it easy to do so.
Recommendations
We recommend that your data collection forms include a disclosure letting the visitor know that you will:
- Store their contact info in your marketing database.
- Send them marketing emails.
- Track interactions with your website for your marketing campaigns and advertisement placement purposes.
At the very least, you need to cover these items in your Privacy Policy and link to it from your forms.
No Data Storage
If desired, Digioh offers the option to avoid storing form submission data in your account. We would push everything directly to your integration and bypass our database completely. We can also obfuscate the data, meaning that it is stored but not readable. Learn more here.
ADA Compliance
Digioh believes that the Internet should be accessible to all. Out of the box, Digioh forms provide comprehensive support for the screen reader software used by the visually impaired. Digioh forms are compliant with both ADA and WCAG 2.1.
SOC 2 Type II Certification
As part of our rigorous commitment to privacy, security, and compliance, Digioh has obtained SOC 2 Type II Certification.
Digioh’s SOC 2 Type II report is available upon request.
Multi-factor Authentication
To provide an additional layer of security for your account, Digioh offers multi-factor authentication.