Vendasta’s GDPR Commitment
On May 25, 2018, the European Union (EU) changed the way organizations conduct business by implementing a new privacy law called the General Data Protection Regulation (GDPR). With advances in technology and more data being collected than ever before, the GDPR establishes rules for organizations, governments and other entities that handle personal information, and ensures that privacy rights are granted to individuals.
The GDPR redefined the concept of “personal information” very broadly, as any information relating to an identifiable individual (“Data Subject”). The GDPR regulates the “processing” and “controlling” of data, which includes collection, storage, transfer, or use. The regulation applies to all companies in the EU member states and to all companies offering goods and services to EU Data Subjects; it applies no matter where you are located.
Here at Vendasta, we have expertise in privacy and data protection. We are dedicated and committed to GDPR compliance across our services prior to the Regulation’s effective date.
Link to resources of GDPR
Some of the Key Changes in the GDPR
- Personal Data
  - Expanded the definition of personal data
  - Online identifiers, such as IP addresses, are considered personal data.
- Individual Rights
  - Access, correct, erase, restrict, and export personal data
  - Object to processing of their personal data
- Consent is redefined to legitimize certain processing activities
  - Previously given consent can be revoked
- Requirement of Controllers and Processors to implement appropriate measures to ensure a level of security
  - At Vendasta, the Platform and each of our Solutions are built with multiple layers of security, backups, and disaster recovery.
  - We have a number of security certifications
- Transparent Policies
  - Companies are required to provide a clear statement of the intended use of personal data
  - Policies regarding data retention and deletion
  - Requirement to provide information to data subjects even if personal data has not been directly obtained
- Controls and Notification
  - Protect personal data using appropriate security
  - Notify authorities of personal data breaches
  - Obtain appropriate consents for processing data
  - Keep records detailing data processing
- IT and training
  - Train privacy personnel and employees
  - Audit and update data policies
  - Employ a Data Protection Officer, if applicable
  - Create and manage compliant vendor contracts
- New concept of profiling
  - Restriction on the automated processing of personal data to evaluate personal aspects such as work performance, economic situation, health, behaviour, interests, attitudes or location.
At Vendasta, we welcome the GDPR as an opportunity to strengthen our commitment to privacy and data security. We are working diligently to ensure that our products, services and contracts comply with the GDPR, and to support our partners’ and their customers’ compliance with the GDPR.