GDPR – What is it? and how have we prepared?

In order to further improve the protection of your personal data and provide more transparency on how it is used, the EU has created the new General Data Protection Regulation that came into effect on 25th May 2018. Here's what we're doing at Idea Drop with your data.

Hugo Lakin
by Hugo Lakin

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018, majorly tightening up the laws on data storage and processing.

At Idea Drop, we’ve been working hard to prepare for GDPR, to ensure that we fulfil its obligations and maintain our transparency about how and why we use data.

We’ve been asking lots of questions, and our customers have been asking us questions.

Here’s an overview of GDPR, and how we are preparing for it at Idea Drop:

How is Idea Drop preparing for GDPR?

Enhanced data deletion and export features

The GDPR empowers “data subjects,” the individuals from whom the data has been collected, to control who has their data.  We already provided rich data export functionality and the ability to delete customer data, however we have further improved these features to make it easier than ever to remove and delete your data.

Comprehensive review of vendors

We know we have an important responsibility when it comes to scrutinising the vendors we use to help us provide our services to our customers. Part of our readiness plan is making sure our contracts adequately address the security, privacy, and confidentiality of our customers’ data under GDPR. We have reviewed all our vendors, investigating their GDPR plans and arranging similar GDPR-ready data processing agreements with them.

Enhanced privacy and security awareness program

We’re launching a new comprehensive, company-wide privacy and security training portal to augment our current training program. Every Idea Drop employee, regardless of whether they access customer data, will receive important and up-to-date training on data privacy and security.

Incident response plan

We have implemented a formal procedure for security events and have included this plan in our GDPR education to our all staff. When security events are detected they are escalated to our emergency alias, teams are paged, notified and assembled to rapidly address the event.  After a security event we write up a post-mortem analysis, which is subsequently reviewed in person and distributed internally and externally. We can then use this report to take further steps to detect and prevent similar events in the future.


Do we process personal data of our customers?

  • Yes, we process customer personal data to provide Idea Drop and for other specified purposes described in our Privacy Policy and Terms of Service.

Where is the data hosted?

  • All data is hosted within Idea Drop’s AWS infrastructure. Data is located in our London servers.

What are your data retention and deletion processes?

  • Data is held for 21 days after data is no longer required. The data is then deleted straight from our cloud servers.

If you would like more information or have follow up questions do not hesitate to contact us at

Capture and action the best ideas from your people.

Crowdsource, curate and implement the best ideas from across your teams to grow your business faster.