What is GDPR? When is it coming into effect?
The GDPR (General Data Protection Regulation) is an important regulation which is aimed to protect data privacy of all EU citizens and empower the users. It means that the user gets the complete control over their personal data i.e. the right to access as well as the right to forget i.e. withdrawing their data.
The regulation will be effective on the 25th May 2018.
It will replace the existing 95/46/EC Directive on Data Protection which was applicable since October 1995.
Who does GDPR impact?
GDPR is applicable to all companies, within the EU or outside the EU, irrespective of its location, that markets or does business with individuals or organizations in any of the EU countries.
How is Scalefusion getting ready for GDPR compliance?
Scalefusion is working committedly towards the GDPR compliance. We are taking various steps, as briefed below, across our entire organization to get ready.
Awareness among employees – Every specialist, lead, manager, and executive are being educated on what is GDPR, the importance of its compliance and what steps and changes has to be taken to achieve that.
Data assessment -We have assessed and documented what kind of personal data we collect.
Changes in the internal process – We are continuously assessing what all changes are required in our internal processes to be compliant with GDPR and working towards implementing them.
Terms & Conditions – At the time of signup as well as after, we will be mandating the consent to the Scalefusion’s Terms & Conditions, demonstrating compliance with the GDPR.
Audit Logs – We will be maintaining the logs of all the Admin activity including the request for withdrawing the data i.e. Right to Forget. We will be maintaining the log for 18 months at least and the same will be assessed by the Data Protection Officer (DPO), whenever required.
Right to Information – All the personal information collected about account admin and the device admins will be available to the account admin when requested.
Right to Forget – In accordance with the GDPR, a user has all rights to withdraw all their data. To be compliant, we will be sending an Email asking their acceptance for the same and even fetch the confirmation on call within the window of 48-72 hours. Only after duly filled up acceptance email, we will be completely deleting the user data from our records.
We are implementing the required changes, and the changes are being done, we will meticulously test them and confirm & authenticate its compliance with GDPR. After that, we will be announcing our complete compliance with GDPR before the mandated date.
If you are still in the process of understanding the GDPR, visit our blog – GDPR & How SaaS companies can prepare for the regulation?