A landmark privacy law in the European Union (EU) called the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. The GDPR unifies data protection rules across the EU and places new obligations on how companies handle personal data of individuals in the EU, including increased requirements for transparency and expanding individuals’ rights with regard to their personal data.
Our commitment to complying with the GDPR began in 2017, when we engaged a leading privacy compliance firm to perform a comprehensive assessment of our privacy and security practices in light of GDPR requirements. As a result of that assessment, we have been working diligently to update our privacy and security practices so that we can comply with, and support our customers in complying with, the GDPR.
Our GDPR compliance efforts include the following:
- Data Security: We have reviewed and updated our technical and organizational safeguards to help protect personal data and prevent unauthorized access to personal data. Processor Obligations: Woopra acts as a “processor” for the services that it provides to its customers. We have reviewed and updated our business processes to comply with GDPR obligations applicable to processors and have developed a reasonable data privacy addendum (DPA) so that our customers may easily meet their Article 28 obligations. If you are a customer and would like a copy of our DPA, please contact us at .
- Subprocessor Management: We understand the importance of managing subprocessors who help us serve our customers and only use industry leaders to support our services. In addition, we have implemented a procedure for assessing vendors before we engage them and have been working diligently to put DPAs in place with each subprocessor.
- Data Subject Rights: We have developed data subject rights procedures to ensure that we provide timely and appropriate support for our customers’ responses to their users’ requests to exercise their rights under the GDPR.
- Data Transfers: We comply with legal requirements for cross-border data protection and have been Privacy Shield-certified since July 2017. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website.
If you have any questions regarding our privacy practices or GDPR efforts, please reach out to us at email@example.com.