    How Deliverect Protects Customer Privacy and Provides Data Security: GDPR Compliance

    In the following sections, we break down the GDPR, how it can affect you, and how Deliverect uses it to protect our customer data.

    Deliverect
    As ordering food online and through third-party apps rises in popularity, many restaurant owners suddenly find themselves with more data than they know what to do with. Although this massive amount of information—often collected from loyalty programs and third-party delivery apps—can prove helpful, it also introduces a new challenge for restaurant owners as they scramble to protect customer data. Enter the General Data Protection Regulation (GDPR). Under this guideline, restaurants and other businesses must implement tactics to improve data privacy and protection.

    The following sections break down the GDPR, how it can affect you, and how Deliverect uses it to protect our customer data.

    What is the GDPR?

    The GDPR is a legal framework that sets guidelines for collecting and processing personal information from people who live in the European Union. The GDPR is designed to protect the personal data of EU citizens. This regulation gives consumers more control over their personal information and what companies do with it.

    Two of the GDPR's most valuable aspects are that it makes consumers aware of their rights and holds companies responsible for communicating the legalities of their data use. Karim Rammaoui, Head of IT and Security at Deliverect, says this is beneficial because many customers aren’t even aware they have data rights.

    "GDPR really gives back to the customer," he shares. "Companies have to state what they're going to do with the data and make customers aware that they can access, modify, export, report and object to processing of their data."

    How Does GDPR Work?

    While the GDPR is primarily designed for the EU, it can apply to companies regardless of where their website is based. For US restaurants with no plans to expand their eatery empire overseas, it may seem like you can ignore GDPR. However, that’s not necessarily true.

    According to the regulations, if your website attracts a customer located in the European Union, you must implement GDPR standards. That means if you have even one European customer who purchases some of your eye-catching merch, you must ensure you uphold GDPR rules.

    These rules mandate that companies give their website visitors several data disclosures and ensure that their site notifies customers of any personal data breaches quickly. Companies are also responsible for following security best practices and principles like the “need to know basis” principle, which states that only those who genuinely need access to data to complete job tasks receive access.

    “(At Deliverect) we also get rid of the data we don’t use,” Rammaoui explains. “We try to collect the minimal data we need from the customer, like their name, email address, and the restaurant location. But we don’t want to ask them things we don’t need to process, like their favorite ice cream. We don’t need that type of data. When we get to the moment where we no longer need the data, we anonymize it.” 

    What Does GDPR Compliance Look Like?

    Because GDPR covers many different businesses in various industries, being GDPR-compliant may look a little different depending on the market you serve. However, restaurant owners must remember that GDPR compliance isn’t a one-time certification or even one you can renew yearly.

    Remaining GDPR compliant is an ongoing task. That’s because technology and the way we use data are constantly evolving. Regularly updating and tweaking your site’s GDPR compliance ensures that your customers’ data stays as private as possible. If restaurants fail to comply or to maintain their GDPR compliance, they face fines of up to 4% or more of their annual global revenues or up to 20 million euros, whichever amount is greater. The amount you pay also depends on your level of infraction.

    Managing your data can be difficult with many delivery services and third-party apps. According to the National Restaurant Association, there are six significant ways your restaurant can be GDPR-compliant:

    1. Follow the data: Applies to all personally identifiable info (PII), i.e., the typical data a restaurant gathers. Conduct an audit, then track the data to find out where it came from and what, if any, consent you received. If it isn’t GDPR compliant, then delete it accordingly.

    2. Get valid consent: Make sure customers freely consent. The GDPR states that customers should be able to opt in and out of data collection and usage.

    3. Give customers more control over their data: Give customers easy access to quickly follow up on their requests to remove or delete their info.

    4. Update your privacy and cookies policies: Review your current policies and revise them so that you are transparent about your customers’ data collection and usage.

    5. Verify that all third-party suppliers comply: Confirm that the third-party vendors you partner with, including web developers and food delivery apps, are also GDPR compliant.

    6. Document all your work: Documenting your continuous efforts ensures you’re well-prepared should you be audited.

    How Deliverect Handles Customer Data

    First and foremost, our team at Deliverect believes that our customers must know that their data belongs to them. It is a precious commodity that Deliverect takes great pains to treat carefully.

    “We know that customer privacy and data security are more important for our customers. So we want to be ready to answer all requests and show them that we do our best to protect their data,” Rammaoui says. “You have to show your customers that you care about their data privacy by implementing sufficient security controls and continuously improving your security posture. This is why we provide our employees with security awareness training and the necessary security tools to do their job.”

    At its most basic, our goal is to provide customers with a product that streamlines their business and boosts revenue. However, it is also essential to earn customers’ trust by diligently protecting their data. For example, one of the top differentiators that separates Deliverect from most restaurant management software companies is that we don’t sell customer data to anyone, period.

     “The data we get from consumers is only used for what they need, like processing orders,” Rammaoui explains. “There is no third-party marketing company that runs them or advertises them. And we do our best to give customers maximum control over the data they share with us. So, the data remains within Deliverect systems and sub-processors, and we always do our best to protect it with the best industry security practices.”

    Another difference lies in our transparency. Our customer privacy policy, widely available on our website, clearly details what we use customer data for and how we protect it. This way, clients can see that we already have solutions in place for data, privacy, and security. 

    If you’d like to dive further into our privacy policy, you can do so here.

    Abiding by GDPR rules is essential to protecting customer data and providing excellent data security. We at Deliverect take this very seriously, as well as the costs of being GDPR compliant.

    If your restaurant struggles to protect customer data, investing in a restaurant management platform like Deliverect can help give you peace of mind. In addition to protecting your data, we help streamline your front-of-house and back-of-house operations by automating orders, seamlessly integrating with your POS system, providing valuable reports, and more.

    Contact our team today for more information about Deliverect and our other services.
