The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations that collect or process personal data. GDPR will come into effect on 25th May 2018 and will be applicable to all member states. You can read the full text of the GDPR here.
While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
As part of our unwavering commitment to data security and customer protection, Datability is committed to GDPR compliance. We are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with applicable law by the 2018 deadline while continuing to move fast and build great products.
The GDPR clearly defines the roles that different organizations have when managing or dealing with personal data. There are two major roles: Controllers and Processors. Controllers are organizations that deal with personal data. Our customers, including both businesses and individuals, using Wigzo are classified as Controllers because they collect data and decide what it will be used for and how it will be used. Wigzo plays the role of the Data Processor because Wigzo processes this data, provided by the customers, on their behalf.
As Controllers, our customers own their users’ personal data on Wigzo. We’re committed to helping our customers meet their obligations under the GDPR. We have already implemented data security processes and controls to make sure that our customers can meet their GDPR obligations. These include:
As Wigzo is a Data Processor, our customers must have a Data Processing Addendum with us. We have a GDPR-compliant DPA that our customers can sign upon request. Among other things, our DPA includes a list of sub-processors for personal data and details our breach notification procedures, SLAs and our governance measures.
Information security is our highest priority. That is why we have technical and organizational measures in place which ensure that our customers’ personal data remains secure. We have implemented the following data security best practices for GDPR compliance:
We also continue to create and invest in our security and compliance measures.
Our updated policy outlines our commitment to maintaining the privacy of our customers’ personal data. It also explains what we have done to make sure our customers’ personal data is secure and what choices are available to them.
Our customers and their end-users can request to access, correct, and modify their personal data stored on the Wigzo platform. End-users can also contact us at email@example.com if they would like to access, correct, or remove their personal data. As a Processor, we will forward these requests to the relevant customers and help them respond if needed.
We are always happy to answer any questions about the privacy and security of our customers’ data, GDPR, or user engagement in general. Feel free to contact us at firstname.lastname@example.org.
We’re collaborating with our vendors to understand and review their GDPR plans and to ensure that similar GDPR-ready data processing agreements are in place with them.