The new European General Data Protection Regulation (GDPR) will come into force on May 25th, 2018. We are making some changes as a result of the regulation. This page summarizes what those changes are and how they will affect you.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that prevents businesses from using personal data belonging to any individual residing in the EU/EEA (regardless of their citizenship) without their consent or a legal basis; consent is a crucial requirement here. It also sets out how the data should be processed in a fair, transparent and lawful way. The primary objective of this regulation is to give European citizens back control over their personal data.
GDPR compliance requires businesses to put new standards in place, and they are being challenged as they alter their systems, legal agreements, management of their EU/EEA clients and lead pools, and more, in the process.
We have always strived, and will always strive, to value your privacy and to take seriously our obligations to keep the information you provide confidential and secure. Below is a list of changes we’ve made as first steps:
- We will give you detailed information about what personal data we collect from you, how we collect it, what we do with it, and who we share your data with, including advertisers and other third parties (such as vendors we work with to support the services we provide to you).
- We have included information about how you can ask us to stop or limit using the data we have about you
- We are making it easier for you to control the information you provide to us. Our policy explains how you can make choices about your information and the measures we’ve put in place to keep your information secure.
What we have done to be GDPR Compliant
- We are committed to the security and privacy measures required under GDPR. We are making sure your data is encrypted in transit and at rest.
- We are conducting regular vulnerability tests and an annual penetration test to make sure your data is secure.
- We are also doing regular encrypted data backups to make sure there is no data loss.
- When transferring data outside of the EU, we are making sure appropriate data transfer mechanisms as required by GDPR are in place. This includes our current Privacy Shield certification and ISO/IEC 27001:2013 Certification.
- We have created a Data Processing Addendum which you can find here
- Kissflow is holding any vendors that handle our customers’ personal data to the applicable data management, security, and privacy standards required under GDPR.
- We are carrying out data impact assessments and will be coordinating with EU regulators where it is appropriate.
Last Updated: 6th May, 2018