Does anyone know how Wave is dealing with GDPR?
Innopsis
Member Posts: 1
As 25th May looms closer, I need to get my GDPR information into line.
Does anyone know how Wave is dating with GDPR?
As you may know, if you deal with any personal data concerning someone in the EU (customer, supplier or anyone), GDPR applies. Breaches of GDPR mean a fine of 4% of your global turnover for the first offence, where you are based.
If I have to move my accounts to a UK based cloud provider, I'd like to know sooner rather than later.
0
Comments
Hi @Innopsis.
This has been a lot of talk about the GDPR recently, especially with the deadline quickly approaching. We, unfortunately, cannot give advice on compliance with any laws.
That being said, here's where Wave stands on the topic. Wave is a Canadian company and to date, Canadian privacy law (PIPEDA) has been deemed adequate by the EU, so there's no need for any Privacy Shield-like framework.
We have not been audited against the EU privacy standards, but are compliant with Canadian laws.
I hope this satisfies your question. If you have any further questions, please direct them to privacy@waveapps.com.
I assume from that answer that Wave has not given any consideration to GDPR?
That is going to be a problem for businesses in the EU who use services outside EU who have to meet the GDPR regulations and part of that would be assuring customers their data is safe under the terms of GDPR.
Hi @20Brandysnap18, if you have worries concerning the GDPR, I would recommend sending them by e-mail to privacy@waveapps.com, or speaking with your lawyer.
While I do empathize with the stress some of our European users are feeling over the implementation of the GDPR, I cannot give advice on compliance with any laws.
Unfortunately, unless Wave can guarantee that they are GDPR compliant, then we must assume that they are not - as the implications of falling foul of GDPR are now too onerous.
Unfortunately for me, as a small business, this means that I am going to have to take the very reluctant step of no longer using Wave for my invoicing after 25th May - and I suspect that every single European user is going to be in exactly the same position, unless Wave can categorically confirm GDPR compliance (which I suspect they cannot).
Interestingly, Stripe are working towards being GDPR compliant for 25th May.
More information can be found here:
https://stripe.com/guides/general-data-protection-regulation#stripe-and-the-gdpr
I would strongly urge Wave to consider Stripe's example - or you will lose all of your European customers.
Another EU Wave customer chiming in, Wave currently does not give me the tools I need to manage my customers data easily enough to comply with GDPR at the same time. From the replies above it sounds like Wave are focusing on Canadian customers and their requirements, so I'll have to look around for a more EU focused company.
@S2H my understanding is that we can store our data outside the EU (as per the cross-border data transfers bit) as long as the EU is happy enough with their rules (which I imagine they are for Canada). Having tools to help us find old customers (whos data we no longer need) or even better to let customers click a link to change/remove their own details would be great. Mailchimp is a fantastic example of this.
So we could continue to use Wave, but if they're not supporting us to be compliant it's going to create extra work and we may be better off with a company more aimed at our market.
Hi, @S2H and @Patabugen.
I don't have more information to share than what was posted above at this time. That being said, I do recommend you direct your questions to privacy@waveapps.com. Our privacy team will be the best equipped to answer you at this moment.
We really need something from Wave regarding GDPR, otherwise we will have to leave.
Hi, @samt.
As mentioned in my previous reply, I don't have more information to give at this time. I do encourage you to contact privacy@waveapps.com with any of your questions.
Anything on this yet?
Hi, @tingali.
I still don't have more information to give, but you might get more information by talking directly to our privacy team by reaching out to privacy@waveapps.com.
I am following too. Also contacted privacy@waveapps.com
Hi everyone!
We have just published a page on our Privacy terms about the GDPR. You can find it here.
We are glad to see Wave coming into line with EU legislation and GDPR. It is vital that business as well as customer/client are both protected when doing business online. I also assume Stripe is working to meet the EU standards too.
However, your statement on the subject does not specify categorically that you have met with 'full' compliance. Are we to assume, this is work in progress, and if so, when will the final full compliance with GDPR be announced?
It does say at the end: "We are working to meet GDPR requirements, and will keep you informed as we implement additional functionality to support your privacy rights." So hopefully they will be fully compliant soon.
@ samt: I can read the statement too. As an SME based in Central Europe, we have already met full compliance. I suppose it is right to assume European firms would take the lead on this directive.
I am hoping Wave will not be far behind, but if need be, Wave would have to provide information about where their servers are held, where all mirror servers (if any) are based, and what level of security is being employed to prevent any form of breach. These are pertinent as clients financial information is stored on their servers. As for financial information in general being held by businesses, (such as you and I) having read the full directive myself, client information regarding financial transactions may be kept for as long as you deem necessary for relevant authorities, such as Revenue and Customs, etc, (this is required by statute in most countries) but this can be made clear in your privacy policy statement. Templates (which can be up to 27 pages long) are available for download, and you can modify these to your own specifics, delete what is not appropriate, once you have the document approved. Let's meet it all together for the sake of EVERYONE!
Hi, @samt and @Vox.
We’re are always striving to advance our privacy and security measures. We have taken steps to identify areas of improvement and are working towards full support of GDPR. Though we can’t yet say with certainty when we will fully support GDPR, we will share that information with our customers when it’s available.
@ Vox: I am very sorry, I was only trying to help in case you missed it. I am also just someone very keen to stay with Wave and to have everything in place that we need.
Yeah, GDPR compliance is a must by 25th May, otherwise businesses will be leaving Wave....
Ok. Soooo, I guess we all need to move to a new platform. But now I still have a question about what we do with the old data? Do we need to delete everything from wave? Or since it was entered before May 25, is it ok?
@samt? @Vox? Any clues?
No idea?
@Casandra
Well, I would not jump ship yet. Wave is a good product, and we have Alexia here confirming wheels are in motion, but of course that's not a legally binding statement. However, I have on good authority, it will be a while before full implementation, (some EU members are still appointing regulators). Here in Italy, the business news tells me firms are still finding feet, many in the UK, still have no policy drafted. Let's not also forget, the GDPR are here to protect you and me. I for one, get fed up with hearing of massive security breaches from online sites, and 'your data is possibly compromised'. This ruling aims, (in the longer term) to help to prevent that, and for you to be in the driving seat, not the company holding your info. Sadly, it will not stop rogue mails, or general pests from illegal servers based outside the EU, but why would you want to trust your details with them in the first place? What you have seen recently in the US press about some sites having to close down, is simply operators who have no privacy in place. In summary, SME's (small firms), don't be worried, large firms who are on aggressive marketing attacks to the EU, be very, very cautious. Everyone should make sure passwords are as strong as possible, if you are keeping other people's data on servers. Watch and wait, and keep checking back every 2 weeks. I am sure Alexia at Wave will be reporting back to the management team, or what she should be doing under the new rules EU 2016/679 the company's appointed 'data protection officer'.
@ everyone. This is a link straight to the horses mouth. Some helpful factsheets are here (very easy to read) and of course, the full regulation.
https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
Hi, @Vox.
I just want to clarify that I'm only speaking based on information provided to me by our security, privacy, and communications teams. I don't have any formal authority on this matter, I'm only acting here as a support agent. Rest assured, however, that your concerns are being forwarded to the appropriate team.
With that said, I absolutely do intend to keep Wavers on the community informed of any development on GDPR compliance.
Hi,
Have you made any progress on becoming GDPR compliant please?
@drkoula our GDPR page is up to date with the latest information available to our team. We are always striving to advance our privacy and security measures. We have taken steps to identify areas of improvement and are working towards full support of GDPR. Though we can’t yet say with certainty when we will fully support GDPR. When we have updates, this page will be updated and we'll report back here as well.
**What is the GDPR status now? **
Hi, @tingali.
We'll be keeping the page linked in Charlotte's last reply updated as we update our own systems to comply. Keeping an eye on it is the best way to stay up to date with our GDPR compliance.
Hi Everyone! GDPR is now alive and working well, which leaves me in a quandary about Wave. I love Wave and would be delighted to know if the privacy policies are Fully GDPR compliant. I checked the link @Charlotte posted back in May, but I can't see if anything has changed since then. I would be very grateful if there has been any update now that any ambiguity has been quashed, Thanks in advance
Hey @Emma! As of right now, we still do not have any updates as when our system will be in full support of GDPR. The updates for this will land on the page that Charlotte has shared with everyone -- we appreciate your understanding and patience on this.
I've just discovered this thread and am a little concerned now as there doesn't seem to have been any update on the GDPR statement from Wave for over a year. As a UK-based business I wonder now whether I should even be using Wave at all?? Is there any progress on GDPR-compliance from Wave?
Thanks, Jo