Posted in Misc

May 25, 2018: The Birth of GDPR


Flooded with emails from companies describing how they’ve updated their Privacy Policy? You’re not alone. The GDPR goes into effect today and if a business isn’t compliant, then hefty fines and penalties await.

After about 4 years of contentious debate, on 8 April 2016, the EU data protection framework was finally adopted. As of today, it’s the law, – the General Data Protection Regulation (GDPR). It’s a law that’s sure to significantly overhaul Europe’s cornerstone data protection legislation at a time when technology-led information systems and digital businesses are creeping into every aspect of human life. The new EU GDPR replaces the existing Data Protection Directive 95/46/EC as of 25 May, 2018. The European Union aims to harmonize data privacy laws across Europe to empower its citizens and protect their data privacy. In addition to that, it also wants all organizations dealing with the personal data of EU citizens to change their perspective and approach towards data privacy.

Adopting the GDPR marks a major milestone in EU’s data protection laws.

Why the GDPR?

keys.pngThe rising concern of people and Governments regarding data privacy motivated the existence of GDPR. Europe, in general, has always been an aggressive protector of its citizens data. The Data Protection Directive that went into effect in 1995 controlled the way companies were using personal data of their users. Over the last two decades, Internet adoption has increased dramatically transforming the World Wide Web into a major business hub. It quickly became clear that the old directive was not enough to address the many challenges existing in the way businesses collect, store, and transfer data today.

Screen Shot 2018-05-25 at 2.07.52 PM.png
Source: RSA Data Privacy and Security Report

The reality is that public concern over data privacy has grown significantly. As per the RSA Data Privacy and Security Report, 80% of consumers felt that lost banking and financial data was their top concern. However, loss of security and identity information like passwords or passports was a close second and was an area of concern for 76% of surveyed participants.

Screen Shot 2018-05-25 at 2.08.08 PM.png
Source: RSA Data Privacy and Security Report

62% of all respondents said that they would blame the company and not the hacker if their personal data was breached – an alarming update for companies dealing with consumer data. The report concludes:

As modern consumers are better informed they expect more transparency and responsiveness from the stewards of their data.

One point in RSA’s report that directly relates to the existence of GDPR is particularly interesting. It demonstrates how consumers figured out their own countermeasures to deal with a company handling user data inappropriately. According to the report, about 41% of people intentionally falsify information while signing up for an online service. Lack of trust, security threats, a desire to avoid unwanted marketing emails and avoiding the possibility of having their data resold are the major concerns behind these countermeasures.

Screen Shot 2018-05-25 at 2.12.31 PM.png
Source: RSA Data Privacy and Security Report

Modern consumer mentality has evolved to where at they’ are in no mood to forgive a company for failing to prevent a data breach that exposes their personal data. In the U.S., about 72% respondents firmly stated that they will no longer visit or deal with a company that fails to protect their data. Conversely, about 50% of respondents say they are more likely to shop at a company that is serious about how it protects user privacy and safeguards their data.

With increased digital transformation, businesses make increasing use of digital assets, services, and big data. Additionally, consumers are sharing their personal information with a multitude of online platforms using different touch points. Therefore, it has become a key business imperative for a company to stay accountable, responsible, and transparent when it comes to protecting consumer data on a daily basis.

Who is Affected?

The GDPR is in effect from today (May 25, 2018)gdpr.png. The sweeping new set of changes will affect every company from technology to advertising and from medicine to banking. The biggest impact will be on companies holding and processing large amounts of consumer data: technology firms, marketers and the data brokers connecting with them. Additionally, companies whose business models are based on acquiring and exploiting consumer data at large scale are also expected to bear the largest burden.

If your company stores or processes information on EU citizens, then you are required to comply with the new GDPR, even if you do not have any business presence in EU.

The GDPR is applicable to your business or company if your business has

  • A presence in an EU country,
  • No presence in the EU but your business possesses data of EU citizens,
  • More than 250 employees,
  • Fewer than 250 employees but your data processing impacts the rights and freedom of data subjects, not occasional, or includes a certain type of sensitive personal data.

According to a PwC survey, over 90% of U.S. companies with more than 500 employees have taken GDPR compliance seriously.

Recently Propeller Insights conducted a survey sponsored by Netsparker to find out the companies that are expected to be most affected by the GDPR. 53% feel that the technology sector will be severely affected. Online retailers clocked in at 45%, software companies at 44%, SaaS software companies at 37% and companies dealing in retail/consumer packaged goods came in at 33%. The bottom line is: the EU is big and most companies deal with EU citizens either as employees, customers or partners and will be affected by the GDPR.

Effect of GDPR on Third-Party and Customer Contracts

In the new GDPR guidelines, equal liability is placed on data controllers and data processors. If you do business with a third party data processor, which is not in compliance with the GDPR, it means that your business has failed to comply with the GDPR. Besides, the new regulation has mandated strict rules for reporting data breaches that everyone in the data processing chain must abide by.

As a result of the GDPR, the contracts your business has with third parties like Cloud (IaaS) providers, SaaS vendors, or other support service providers and customers; must spell out the shared data protection responsibilities. Moreover, these revised contracts will have to define logical processes that will be used to manage and protect data along with the mechanisms that will be used to report data breaches.

Client contracts also need revision to, ensure these contracts adhere to the new GDPR changes. Business managers, I.T., and security team must understand and agree upon a compliant reporting process.

Ten Steps to Take TODAY

  • Top Management needs to trigger a sense of urgency: The top management in the company responsible for risk management must prioritize compliance with global data hygiene standards and infuse the entire organization with a sense of urgency.
  • Motivate Stakeholders to get involved: Your I.T. department alone is not responsible for preparing the entire organization to be GDPR compliant. Involve marketing, finance, sales, operations and other departments that collect, analyze or use consumer data. Their inputs and suggestions to handle and protect data will help the technical team to implement procedural changes effectively and speedily.
  • Hire a Data Processing Officer: Under new GDPR, it is not clear whether a DPO is a discrete position or not. You can either appoint someone within the company who has worked in a similar kind of role, who could ensure data protection with no conflict of interest or hire a new individual. You also have the option to work with a virtual DPO who could work as a consultant for your company.
  • Perform Risk Assessment: Assessing risks involved in collecting, processing and or managing EU citizen’s’ data is a major step towards GDPR compliance. Once a risk assessment has been performed, your business will understand the options available for mitigating these risks.
  • Mobile Security is a Must: In the modern I.T. environment, more than 68% employees access employee, customer, and partner data on mobile devices, which is a major threat to data protection leading to non-compliance with the GDPR. Employees download third-party applications on their work devices jeopardizing the security of consumer data. Implementing a mobile security framework to protect against unauthorized access to data on the mobile device is a critical component of GDPR compliance.
  • Create a concrete Data Protection Plan: In a perfect world, you already have a solid data protection plan in place. If not, you need to create one right away. If you already have a plan, kudos to you but you should review and update the plan for GDPR compliance.
  • Bring Together a System to Report Progress in GDPR Compliance: Article 30 of the GDPR regulation mandates companies to maintain a record of processing activities under its responsibility. To ensure your company is keeping accurate records you need to establish a team that can monitor places where personal data is being processed, who is processing it, and how it is being processed.
  • Implement Systems to Alleviate Risks: After identifying risks, you need to determine measures that will mitigate them, even if it means revising existing risk mitigating systems. Spotting and investigating the risks associated with data processing and regulating the needed level of security required to protect data becomes easier for the GDPR once you have taken an inventory of risky applications and understood how data is being processed in your organization (Step 7 above).
  • Setup and Test an Incident Response Plan: Under the GDPR, companies need to provide a detailed report regarding any breach of personal data to their local data authority ‘without undue delay’ (within 72 hours of becoming aware of the breach). Don’t wait for an actual data breach to occur – setup a response team and perform drills to make sure it works as planned.
  • Comply with GDPR by eyeing Business Benefit: Undoubtedly, complying with the GDPR will provide a competitive edge to your business. Compliance will not only enhance ROI but will also help in boosting consumer confidence. Moreover, the technical and process changes you will bring about to comply with the GDPR will enhance your organizations’ efficiency to manage and secure data.


The GDPR is here. Compliance is a daunting task; it’s difficult to understand where to start; especially when every facet of the business from staff training to data security audits are involved. This blog will definitely help you to understand GDPR better and implement measures that will make your organization GDPR compliant.


After hours of brainstorming sessions, poring over documents, legal reviews and many gallons of coffee, we are proud to announce that, effective May 25, 2018, frevvo complies with the GDPR.

You can learn more and obtain a Data Protection Addendum (DPA) by visiting our GDPR site.

Posted in HR Process Automation, Misc

[Webinar] Generate custom PDFs from your automated workflows


It’s a common requirement among our customers – they love the advantages of online workflows such as dynamic behavior and built-in mobile but need to generate their own PDF document. For example, a Federal W-4 or I-9 during Employee On-Boarding. With frevvo, you don’t have to choose.


Join us on this webinar on June 7 at 1.00 PM EDT. In just 45 minutes (including Q&A), we will:

  • show you examples that customers are using today, and
  • demonstrate how you can drag & drop to easily create your own custom PDFs.

You can generate multiple PDFs, conditionally generate some PDFs and not others (e.g. a state W-4 depending on which state the employee resides in), save these PDFs in back end systems, send them by email etc.

Learn more: Try an example and read detailed documentation on our website.

Posted in Misc

Celebrating “10 years” of success


It’s hard to believe but frevvo’s just turned 10. It’s been quite a journey; obviously, like every company we’ve had a few struggles but overall, it’s been a fantastic ride.

Prior to frevvo, some of us worked at a BPM company where we built the front-end forms by hand. It was incredibly boring so we threw together a prototype while working part-time, quit our jobs and decided to give it a shot.

Branford’s beautiful Blackstone Public Library

The first few years were tricky. We worked out of Branford’s Blackstone Public Library and Willoughby’s Coffee in Branford, CT. Thanks Town of Branford. We came from a BPM background so our product didn’t have the fanciest UI – but it did real business things like conditional logic, integration, calculations etc. Still, it wasn’t easy to sell and the four of us were all Engineers.

It took us a year to get our first customer and another year to get our tenth. Since then, we’ve grown to almost 800 customers of all sizes in all industries spread out all over the planet. We’ve added several employees in Branford (and we’re looking for a few more right now). We’ve been fortunate to partner with some of the biggest companies in the world as well as great local partners right here in Connecticut: Westbrook Technologies now DocuWare in Branford and Square-9 Softworks in New Haven.

Ten years later, after many twists and turns, we’ve stayed true to our mission of caring deeply about our employees.

“We will not sacrifice our team’s happiness to chase every last $. We don’t want to be the biggest; we just want to be the best.”

That approach has paid huge dividends – employees have stepped up during tough times and customers sense their commitment and willingness to go the extra mile to ensure satisfaction – just take a look at our long list of customer testimonials.

I’m so proud of our success and grateful for the amazing team we have here at frevvo. I’m excited about the future, about meeting our new employees, about growing our business right here in Connecticut, and about building an even better product and exciting new relationships with customers and partners.

To all our customers: rest-assured that our employees will do everything in their power to ensure that you’ll still be happy frevvo customers on our 15th anniversary and beyond.

Finally, to my original co-conspirators Leandro, Nancy & Yuri, thank you for everything. It’s been a heckuva ride these last 10 crazy years.

Posted in Misc

The Nightmare before “Workflow”


That’s the start of one of the best Halloween movies ever made … or was it a Christmas movie? We changed it a bit.

We’re hoping you have a ‘spooktacular’ Halloween with costumes, treats and games galore. This time around, try our Halloween Quiz (click the image below) and discover how ready you are for workflow automation this Halloween and throughout the next year.


No matter your expertise level, frevvo has a bunch of great resources for all your forms and workflow needs. So, click the button to take the quiz and find your Halloween treat.

And, if you have some time on your hands this Halloween, you could always watch The Nightmare before Christmas.

Happy Halloween!


Posted in Misc

[Webinar recording] What’s new in frevvo 7.3

New in V7.3

frevvo 7.3 was recently released. We’ve added some cool new functionality and improved it in ways that are really important to customers.

We’re also excited about some upcoming developments including big improvements to the Visual Rule Builder coming soon as part of V7.4 this year.

Watch this video recording of the webinar where MaryAnn demonstrated several new and upcoming capabilities including:

  • Connecting to SharePoint using point and click wizards. You can save your data and documents to lists or libraries.
  • Visual Precondition Rule Builder.
  • Connecting pick lists to web services with zero code.
  • One-click Save and Test. A little thing that customers have been wanting.
  • Visual Rule Builder for calculations and other advanced functions (coming in V7.4).


Posted in Misc

Tracking with Google Analytics


Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic. It’s the most widely used web analytics service on the Internet. If you’re using Google Analytics, you can integrate frevvo forms and workflow traffic into Analytics.

The simplest way to track form or workflow usage is to add your Google Analytics Tracking Id in the form’s Tracking Id property. Now every time someone uses this form or workflow, frevvo will transmit a Pageview to Google Analytics. You’ll be able to see this as a standard web page view in all Analytics reports.

If you wish, you can enable fine-grained tracking. For example, you want to track events like specific value changes on the form, form submission etc. You can use Custom JavaScript to call Google Analytics during these events.

Here is a sample script to call Google Analytics when user submits the form:

var CustomEventHandlers = {
setup: function(el) {
if (CustomView.hasClass(el, ‘s-submit’)) {
FEvent.observe(el, ‘click’, this.submitClicked.bindAsObserver(this, el));
submitClicked: function(evt, el) {
_gaq.push([‘_trackEvent’, ‘Purchase Order form submitted, ‘clicked’]);

You can observe a wide variety of events on any control in your form and track them individually at any level you desire. Please see the documentation for details on custom event handlers.

Posted in Misc

Speed wins the race: top performers develop apps faster

speed-winsSalesforce Research published their 2016 State of I.T. report yesterday with many interesting insights.

72% of high performing companies develop an app in three months or less.

Once gain, the report clearly highlights the importance of being able to react and respond quickly to rapid changes in business conditions. And, as we’ve said before, the #1 challenge facing organizations today in this area is a shortage of talent.

Your talented employees should be helping customers and taking advantage of new business opportunities. Why would you have them chasing paper or trying to track down an approval that’s stuck on the CFO’s desk? It makes no sense.

That’s where frevvo can help. You can start with a pre-built template, customize it to meet your unique business needs, deploy it securely in the Cloud (or On-Premise if you prefer), and do it all in days. It’ll automatically work on mobile devices. You don’t have to do anything.

Visit our website to find solutions for your business needs and try frevvo free for 30 days.

Posted in Cloud, Misc

Happy Holidays with my favorite Cloud cartoons!

As 2015 draws to a close [already], it sure seems like Cloud is on everyone’s mind. We’ve written plenty of articles on security, the pressure to transition to the cloud, business agility blah blah blah … Time to look at the funny side of Cloud. I thought I’d share some of my favorites. Enjoy! Happy Holidays, Happy New Year and see you in 2016!

Cloud really is part of our everyday life but it isn’t really the answer to everything 🙂

Sources: CloudTweaks, CloudTweaks

Yes, even 8 year olds can sync using the cloud …


… but we hope you’re taking a more measured approach.

Source: Dilbert

No article on cartoons is complete without at least one classic from XKCD so here goes.

Source: XKCD

Finally, it’s Christmas and I’ve been buying on Amazon.

Source: Dilbert

Hope everyone has a wonderful holiday season. I’m looking forward to a great 2016.