On May 25, 2018, the European Union’s new privacy law, General Data Protection Regulation (GDPR) comes into effect and will apply to the EU individuals, no matter where their data may reside.
GDPR applies if any organization collects, records, organizes, stores, or performs any operation on personal data of individuals in the European Union — even if the individual is located outside of the EU.
GDPR seeks to add accountability to the data controllers and processors.
- A controller is the one who “determines the purposes and means of the processing of personal data” (that’s you, and maybe us).
- A processor is one who “processes personal data on behalf of the controller” (that’s us when you use our applications, products or services).
42Gears essential steps towards GDPR Compliance:
1. Accountability and Governance:
We have designed comprehensive but proportionate measures to minimize the risk of breaches and uphold the protection of personal data.
2. Data Protection by Design and Default:
42Gears has adopted appropriate technical and organizational measures to consider and integrate data protection into its processing activities.
3. Lawful basis of processing:
GDPR requires personal data to be processed in a manner that ensures its security. We have defined and implemented adequate systems to maintain effective and proportionate security that includes protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
We determine appropriate means to validate the contractual obligations in relation to data processing with the third parties to avoid the risk posed by processing.
6. International Transfer:
Personal data collected by us including any and all the personal information of the EU Customers may, therefore be processed by our service providers in the United States.
We take appropriate contractual or other measures to protect the personal information in accordance with the applicable laws pertaining to Data Protection.
7. Data Breach:
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. We have trained our employees to report and escalate breaches. Under GDPR, we are subject to a direct obligation to notify controllers of a data breach without undue delay after becoming aware of it. Therefore, we ensure that we engage appropriately with our controllers in the event we become aware of a data breach.
8. Individual Rights:
GDPR provides the following rights to individuals:
The right to be informed
The right of access
The right to rectification
The right to erase
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
We are obligated to provide fair processing of data and support individuals to exercise their rights under GDPR.
Fulfilling our privacy and data security commitments is important to us. So we’re glad to help you prepare for all the changes under GDPR. This page will be revised to update more GDPR-related information. If you have any questions about how we can help you with compliance, we hope you’ll reach out to us at firstname.lastname@example.org.