General Data Protection Regulation (GDPR)
What is GDPR?
The EU’s General Data Protection Regulation (GDPR) legislation comes into effect on May 25th, 2018. It is the culmination of four years of effort to update data protection laws within the European Union, and will replace the 1998 Data Protection Act.
While the Data Protection Act has been governing the use of personal data for ten years, GDPR seeks to enhance these protections and award greater control to individuals over the data collected and processed by organizations.
Our security team at Checkfront has made updates to how Checkfront collects and processes the information of EU customers to ensure we are compliant. Further, we are committed to helping you meet your obligations under GDPR to the extent that you use Checkfront to collect and store personal data.
Why does GDPR matter to me?
GDPR will affect any Checkfront customer based in the EU. Even if your business is not located in the EU, you must be GDPR compliant when collecting information from EU citizens.
Where can I learn more about GDPR?
Disclaimer: This information should not be construed as legal advice. Should you have questions around how the GDPR legislation applies to your specific circumstance, you should consult with an attorney.
Will Checkfront enter into Data Processing Agreements with its customers?
Yes. For Checkfront customers subject to our online Terms of Service, our Terms will be updated to incorporate a Data Processing Addendum. For Checkfront Enterprise customers, our Master Services Agreement will be updated to incorporate the Data Processing Addendum, to cover our processing of personal data. Please contact your Customer Success Manager for more details, or email firstname.lastname@example.org.
What has Checkfront done to prepare for GDPR?
- We have updated our online Terms of Service to include a Data Processing Addendum, as required by Article 28 of the GDPR.
- We have introduced Data Protection Impact Assessments to mitigate any data security and privacy risks associated with our data processing activities.
- We have updated our internal data security and privacy training program to include education and training for GDPR.
- We have documented all of our data processing activities, as required by Article 30 of the GDPR.
- We have conducted a formal review of all sub-processors we work with to ensure they have adequate procedures and measures in place to protect all personal data.
- We have implemented a process by which our customers can respond to and comply with data access and deletion requests.
- We have added a dedicated support channel for answering questions and general correspondence as it relates to GDPR. Please contact us at email@example.com with any questions, comments or concerns related to the upcoming GDPR legislation.