What is the GDPR?

The General Data Protection Regulation (GDPR) is a new data protection legislation in Europe.

The EU has decided to strengthen and regulate the privacy policy across the European Union.

This means more stringent rules on data protection since May 25th, 2018.

Why have the GDPR?

There are two main drivers behind the GDPR:

The EU wants EU citizens to have more control over their personal data.

The EU wants to make it easier for businesses to deal across borders - matching legislation will save businesses money.

Key Changes

• Communication

• Consent

• Access and Portability

• Marketing 

• Safeguarding sensitive data

• Data transfer outside the EU

Data processor or data controller?

The GDPR differentiates between two roles - the data processor and the data controller. Each role holds different duties and responsibilities.

The data processor processes personal data on behalf of the data controller.

The data controller determines the purpose and means of processing of personal data.

Firmwater acts as the data processor when it comes to personal data that is collected by the Firmwater LMS platform.

How did Firmwater prepare for the GDPR?

Firmwater hired TrustArc to assess and evaluate Firmwater’s fitness level when it comes to data protection. With the results, we put together an action plan that put us on the path to GDPR compliance.

Our team worked hard to implement the following measures:

Updating our privacy policy
Giving access to personal data if requested
Managing and processing personal data collected on our website and platform to GDPR standards
Implementing a privacy by design framework
Preparing records of processing
Updating contractual terms with suppliers and partners (data protection addenda)
Enhancing our company policies
Training Firmwater staff on GDPR legislation