Datawrkz is fully compliant with GDPR. As a Data Processor, Datawrkz has all the necessary systems and processes in place to support our customers (the Data Controllers) in meeting their obligations under GDPR.
If you are a Datawrkz customer and have any specific questions, you can contact your engagement strategist or send in your queries to our GDPR hotline (firstname.lastname@example.org) at any time.
WHAT IS GDPR
GDPR is the General Data Protection Regulation: a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR came into effect on May-25-2018. GDPR requires any organization holding any form of personal data relating to any EU citizen to meet certain obligations relating to the use and access of that data.
The introduction of the EU General Data Protection Regulation (otherwise known as GDPR) is one of the biggest regulatory changes in data privacy laws in the last 20 years. The GDPR aims to harmonize data privacy laws across the EU and strengthen the security and protection of the personal data of all EU residents. This is a good thing for EU residents and something new to navigate for businesses.
GDPR was approved by the EU parliament on April 14, 2016, and becomes fully enforceable on May-25-2018. For businesses that aren’t GDPR compliant by that date, there can be some pretty hefty fines. Companies may be fined up to €20 million or four percent of global annual revenue.
- GDPR is not restricted to a particular geographical territory.
- Any EU citizen’s data has to meet the GDPR obligations.
WHAT ARE THE OBLIGATIONS
- Confirming to your users (i.e. the ‘owner’ of the data, or from here on and in GDPR terms the ‘data subject’) that personal data, if captured, is held by you
- Sharing that data with the individual, in a ‘portable’ format
- Allowing any data relating to an individual to be deleted
- Allowing any data relating to an individual to be rectified if it is incorrect
- Allowing any individual to opt-out of any form of direct marketing
- Allowing any individual to opt-out of any personal data being processed
DATA CONTROLLERS & DATA PROCESSORS
To understand GDPR better, one needs to understand two roles: Data Controllers and Data Processors. GDPR makes a key distinction between these two roles in the management and processing of personal data.
The Data Controller owns the relationship with the Data Subject and is ultimately responsible for making and policing decisions around how and why that data is processed. In most cases, if you are a Datawrkz customer the Data Controller in this context is you.
The Data Processor is any organization that handles and processes data on behalf of, and with regard to instructions from, the Data Controller. In most cases, Datawrkz is one of your Data Processors.
Each role has its own responsibilities, but it’s important to understand that in most cases the Data Controller has legal liability under GDPR. However, as the Data Processor, we at Datawrkz want to make sure your job is as easy as it possibly can be when it comes to being (and staying) compliant.
HOW CAN DATAWRKZ HELP?
At Datawrkz, we believe in “security by design,” meaning that we have built security into the core of our product and have made it a key focus area since day one. With regard to GDPR, the following should be noted:
- Whilst it is the responsibility of the data controller to secure consent for personal data to be collected, Datawrkz will honour the consent when passed along.
- Datawrkz has processes in place today to provide data relating to any individual within Datawrkz servers in ‘portable’ format, ensuring that you will be GDPR compliant.
- Datawrkz is able to delete all data relating to any Data Subject or refrain from collecting data from any specific Data Subject, without compromising the workings of the platform as a whole. An acknowledgment will be sent to the Data Controller once the data is deleted in response to a request.
- Datawrkz does not collect any Personally Identifiable Information by default. However, any such information can be collected by or shared with Datawrkz if the Data Controller wishes to do so. In addition, it is worth being aware that even pseudonymized data can be defined as ‘personal data’ under GDPR.
- Datawrkz never contacts the users directly. All activities and pages that are presented by Datawrkz are controlled by the Data Controller.