New: The WhatsApp Business Solution is now available. Apply here for access.


GDPR: Privacy by default and design

Enjoying safety and privacy with social messaging without any worries. That is what SaySimple offers. We have been GDPR-ready since January 2018, with the goal to ensure carefree customer contact.

SaySimple is


The GDPR is the new privacy legislation which came into effect in the Netherlands on 25 May 2018. This legislation replaces the previous Personal Data Protection Act (Wbp) and it gives individuals more control over their own data which they need to provide to companies. The General Data Protection Regulation (GDPR) is a legislation that regulates the privacy on a European level. It protects the personal data of all European citizens, also when companies operate outside the European Union but process data of European citizens.

Privacy by
default & design

SaySimple has been established by people from the Just Internet Group Holding, which means that we can build on more than 20 years of experience in the field of the careful handling and processing of data and privacy. The moment SaySimple became operational, our motto has been ‘privacy by default’, meaning that privacy is standard and not optional. To guarantee this, we already take the manner in which we can minimize and secure our data processing into account during the first phase of the product development; ‘privacy by design’.

Generally, SaySimple is commissioned by our clients as the ‘Data Processor’ and our client is the ‘Data Controller’. Where the Wbp stated that the client was the main responsible party to ensure the careful processing of data, the GDPR now specifies that this is a more shared responsibility.

In order to ensure that the collaboration SaySimple and its clients can be carried out in good faith, we do our utmost to operate as transparently as possible. This has resulted in various actions, from participating in workshops and setting up data processing registers to employing data protection officers.

SaySimple also enters into an extensive Data Processing Agreement with all its clients that clearly states which data is processed and in which manner this is organized. Clients do not have to concern themselves about the data and they can focus on their core business and customer services.

In addition to being the ‘Data Processor’ for its clients, SaySimple is also the ‘Data Controller’ for its own data. When taking on the role of Data Controller, SaySimple handles the personal data and all other information just as meticulously, as described in our Privacy Statement (Dutch).

for individuals, consumers, and all other people involved

As the GDPR has come into effect, individuals have more rights with regard to:


In accordance with the GDPR, all organizations must be given the individual’s consent before they can process personal data. Requesting this consent also involves a large number of conditions. Organizations must be able to prove that this consent has been given and, furthermore, they have to provide a straightforward way for individuals to retract this consent.

Right to erasure

From the moment the GDPR came into effect, individuals also have the right (under certain conditions) to receive their personal data from the organization, provided in a standard format. This is the right to data portability. This way, individuals can easily forward their data to another supplier that offers the same kind of service, or they can even demand that the organization forwards the data directly to the new service provider.

Right to access

The right to access has been extended to new information elements, such as the retention period and information on the disclosure of data to third-party countries, as well as the respective established securities.

Right to restrict processing

This means that the organization is (temporarily) not allowed to process personal data. The processing is only allowed with the consent of the person it concerns. Before the limitation is lifted, the data controller needs to inform the person it concerns that this will happen.

Right to rectification

The GDPR also states that people have the right to request rectification of their personal data. They can ask an organization to improve their personal data, add data, or make data inaccessible to others.

More information?

Do you want to know more about the measures we have taken with regard to the GDPR? Or are you curious to know more about the consequences of this legislation on the business use of messaging channels such as WhatsApp and Facebook Messenger? All you need to do is ask! Contact us via the contact form or send a WhatsApp. Very convenient.

written by
Joey Drieskens
The Messaging Agency