The EU General Data Protection Regulation (GDPR) will greatly affect how companies worldwide are able to use EU citizens’ personal data. It goes into effect on May 25th, 2018.
This page outlines what Mindmarker did to be compliant with the GDPR law.
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data. For more information visit this website.
How it affects you or your organization
Even if you think it doesn’t, it most likely does. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
What is Mindmarker doing?
Established a ‘Privacy Task Force’
To make sure that all our security policies and practices are up to date, and that we are able to address any security incident with the right knowledge and people, we have created a special ‘task force’. This team meets regularly to work through a predefined agenda covering topics such as ‘incident reviews’, ‘log anomalies discussion’, ‘training updates’ and ‘new threats’.
This team consists of six Mindmarker employees from various backgrounds. Our software and IT departments are represented by specialists, as are other departments within the Mindmarker organization. Our CEO is also part of this team, demonstrating commitment to security from the top.
Why doesn’t Mindmarker require a DPO?
We’ve realised we don’t need a DPO because we do not meet the criteria set out in the GDPR:
- We are not a public authority
- Our core business does not require the systematic processing of data
- We have no interest in processing sensitive data
Made some changes to the software and database
Our software development team is building the features that will enable our customers and end-users to get full insight into what personal data is stored and to request that this data be fully deleted.
Concerning data portability, our team has completed a clear and easy process to export all of the personal data linked to an individual user, or granular subsets of that data. We are now ready to handle any data portability request with speed and accuracy.
(Re)trained all our staff
All Mindmarker staff are already extensively trained in privacy and security; however, the new GDPR law requires our staff to be trained on GDPR-specific topics, for instance “What is EU personal data and how does it compare to PII?” and “What rights do EU citizens have under GDPR?”. Additional technical training is also required for our software development team.
We’ve updated our Data Processing Agreements (DPAs)
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Mindmarker and our customers to meet GDPR requirements. A signed version is available to our customers upon request.
Reviewed and updated our policies
An important part of GDPR is being able to demonstrate accountability. Mindmarker remains committed to being transparent and clear about what personal data is stored and how it is processed.
All our terms have been updated to reflect GDPR as of May 2018. For instance, all EU citizen rights established in GDPR are now present in our Privacy Policies.
Certification for EU-US Privacy Shield
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws on international data transfer, we have self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks. Our self-certification is currently under review; as soon as it is approved, this page will be updated.
Reviewing and improving our security measures
Security is vital to Mindmarker. We regularly perform external security audits and pen tests and are constantly improving and patching our software. Furthermore, our internal security framework and access design ensure that only the right people have access to the right level of customer data. For a full list of implemented security controls, please take a look at this page.
Need more information?
No problem! Feel free to contact us at any time with your questions on Mindmarker and GDPR, or on any other subject for that matter.