We are now living in a post-GDPR world. By now, you must have noticed some of your favourite sites (including Chessable) showing you “proper” consent notices, adding cookie banners and what not.
Today’s blog post summarises what we have done to be compliant with the GDPR. Plus, we wanted to let you know that, having concluded this work promptly, we can now kick off June with a bang.
We are free to focus on site improvements, fixes, and cool stuff.
Now, I’d like to summarise what we have done to look out for your privacy.
During the last few months, we also underwent many GDPR-oriented activities, from staff training to creating documents specifying processes, and more. After reading the regulation and discussing it with lawyers, we engaged in a comprehensive 100+ step checklist to make sure we complied with the GDPR. Once done, we generated a 34-page PDF report highlighting our commitment to cover all bases to protect your privacy.
We also created a Data Map, analysing all the data we collect from users and staff, and what we use it for. We’ve minimised and deleted any unnecessary data. We only collect the bare minimum, as you will know from when you signed up, which you can do with just your e-mail and a pseudonym.
Furthermore, we’ve made sure any data we share with third parties (e.g. collecting a payment) is restricted to the bare minimum too. We’ve made sure data is anonymous where it’s unnecessary to share the full data, for instance, with our video streaming provider.
We’ve signed Data Processing Agreements with all of our service providers, legal contracts that ensure they look out for any data they have by complying with the full GDPR regulations.
That’s not all: in the last few months we’ve undertaken an excellently-rated, third-party static code analysis to make sure our software is as protected against cyber attacks as possible.
We’ve also taken active preventive measures by planning to undergo a penetration test with a top security company shortly. And of course, we checked in with our web hosting team and their system admins to make sure our backups, our firewalls, and our servers are in top health and ready to continue serving you in a safe and reliable manner for the exciting future ahead.
Most of the changes outlined in these paragraphs apply to all of our users, not just those from the EU. So you can rest assured that any data we may receive from you is being looked after to the full extent of our ability.
Now, privacy ensured, back to the fun world of developing useful chess learning features. See you around the site!
David is Chessable’s CEO and Chief Scientist. He finished his dissertation on expertise and expert performance as part of an MSc in Psychology of Education (BPS) at the University of Bristol, and also holds a PGCert in Applied Psychology from the University of Liverpool. David’s chess rating is around 1,850 FIDE.