What is the GDPR?
The General Data Protection Regulation (GDPR) is being introduced to harmonize data privacy laws across Europe, to protect the data privacy of all EU citizens, and to shape the way organizations across the region approach data privacy. GDPR replaces the Data Protection Directive 95/46/EC and it comes into force on May 25th, 2018. The full text of the GDPR can be found here.
GDPR significantly increases the responsibilities for organizations and businesses in how they collect, use, and protect personal data. At the centre of the new law is the requirement for organizations and businesses to be fully transparent about how they are using and protecting personal data, and to be able to demonstrate accountability for their data processing activities.
Why we welcome GDPR at Teamwork.com
At Teamwork.com, we understand the importance of putting privacy and data protection in the hands of our customers, so we are fully in compliance with the GDPR. We have carefully examined the relevant provisions of the GDPR and we’re closely following applicable GDPR guidance issued by regulatory authorities. The GDPR strengthens individuals' privacy rights through tighter controls over the processing of their personal data, significant expansion of their rights over their data, and increased transparency into the nature, purpose, and use of it. In our eyes, GDPR is a good thing.
Teamwork.com’s commitment to GDPR compliance
In preparation for GDPR, we formed a core team of leaders from each area of Teamwork.com’s business, coordinated by our internal Data Protection Officer (DPO). The representatives in this group were charged with ensuring that all the requirements of GDPR were addressed across all teams. The team met once a week to discuss progress towards GDPR readiness, and has continued to do so following the May 25th deadline so we can continue to ensure our complete GDPR compliance going forwards.
What steps are we taking at Teamwork.com?
Data collection and processing audit
We have reviewed our Teamwork.com activities and our entire product suite to identify where we are collecting and processing customer data. Based on this, we have validated our legal basis for collecting and processing that personal data. We have also ensured that we are applying the appropriate safeguards across our entire infrastructure (both hardware and software) to fully protect this data.
Third-party vendors audit
We have completed an audit of all third-party vendors and have validated their GDPR compliance. All vendor agreements will be in place by 25th May.
Data access, portability, and deletion
We know that you’ll want to provide the same level of GDPR compliance to your customers as we do to you. We make it easy to support your customers and give them the ability to access, handle, and delete their personal data. Because we operate on a self-service basis, you’ll always have full control over your own data, including autonomy in how you process your customers’ information. We also ensure that all of your data - and your customers’ data - is easily exportable in a commonly used, computer-readable format.
As part of our HIPAA compliance, we already have management and communication processes in place in the unlikely event of a data breach; we’ve updated these to further comply with the GDPR.
We’re here to help
We know that navigating GDPR can seem daunting, but we’re here to help. If you have any questions or concerns regarding how we protect your personal data, please don't hesitate to reach out to us at gdprteamwork.com.