The General Data Protection Regulation (GDPR) is a new data protection legislation in Europe.
This means more stringent rules on data protection since May 25th, 2018.
There are two main drivers behind the GDPR:
The EU wants EU citizens to have more control over their personal data.
The EU wants to make it easier for businesses to deal across borders - matching legislation will save businesses money.
Access and Portability
Safeguarding sensitive data
Data transfer outside the EU
The GDPR differentiates between two roles - the data processor and the data controller. Each role holds different duties and responsibilities.
The data processor processes personal data on behalf of the data controller.
The data controller determines the purpose and means of processing of personal data.
Firmwater acts as the data processor when it comes to personal data that is collected by the Firmwater LMS platform.
Firmwater hired TrustArc to assess and evaluate Firmwater’s fitness level when it comes to data protection. With the results, we put together an action plan that put us on the path to GDPR compliance.
Our team worked hard to implement the following measures:
Giving access to personal data if requested
Managing and processing personal data collected on our website and platform to GDPR standards
Implementing a privacy by design framework
Preparing records of processing
Updating contractual terms with suppliers and partners (data protection addenda)
Enhancing our company policies
Training Firmwater staff on GDPR legislation
© 2020 Firmwater Inc. All Rights Reserved.