What is GDPR?
The EU’s General Data Protection Regulation (GDPR) legislation comes into effect on May 25th, 2018. It is the culmination of four years of effort to update data protection laws within the European Union, and will replace the 1998 Data Protection Act.
While the Data Protection Act has been governing the use of personal data for ten years, GDPR seeks to enhance these protections and award greater control to individuals over the data collected and processed by organizations.
Our security team at Checkfront is diligently making updates to how Checkfront collects and processes the information of EU customers to ensure we are compliant by May 25th, 2018. Further, we are committed to helping you meet your obligations under GDPR to the extent that you use Checkfront to collect and store personal data. Updates will be provided to this page in advance of the GDPR deadline.
Why does GDPR matter to me?
GDPR will affect any Checkfront customer based in the EU. Even if your business is not located in the EU, you must be GDPR compliant when collecting information from EU citizens.
Where can I learn more about GDPR?
Disclaimer: This information should not be construed as legal advice. Should you have questions around how the GDPR legislation applies to your specific circumstance, you should consult with an attorney.
Will Checkfront enter into Data Processing Agreements with its customers?
Yes. For Checkfront customers subject to our online Terms of Service, our Terms will be updated to incorporate a Data Processing Addendum. For Checkfront Enterprise customers, our Master Services Agreement will be updated to incorporate the Data Processing Addendum, to cover our processing of personal data. Please contact your Customer Success Manager for more details, or email firstname.lastname@example.org.
What is Checkfront doing to prepare for GDPR?
- We are updating our online Terms of Service to include a Data Processing Addendum, as required by Article 28 of the GDPR.
- We will be introducing Data Protection Impact Assessments to mitigate any data security and privacy risks associated with our data processing activities.
- We will be updating our internal data security and privacy training program to include education and training for GDPR.
- We will be documenting all of our data processing activities, as required by Article 30 of the GDPR.
- We will be conducting a formal review of all sub-processors we work with to ensure they have adequate procedures and measures in place to protect all personal data.
- We will be implementing a process by which our customers can respond and comply with data access and deletion requests.
- We have added a dedicated support channel for answering questions and general correspondence as it relates to GDPR. Please contact us at email@example.com with any questions, comments or concerns related to upcoming GDPR legislation.