General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. Key articles of the GDPR and information on its business impact can be found here.
Following, please find a brief overview of some key features and processes we have put in place to support GDPR compliance. This overview is not meant to be legal advice, it is not meant to assure your organization is in compliance with GDPR regulations, and it is not meant to serve as a checklist of comprehensive GDPR compliance. Rather, this brief overview helps illustrate our standard operating procedures around some key components of the GDPR regulation that we feel will be most applicable to our customers, partners, and prospects.
Lawfulness of Processing
Requirement: Deft will need to have a lawful reason to use your data. Lawfulness of Processing may be enacted via consent, via notice and/or via execution of a contract (e.g. becoming a customer or partner).
Remedy: Deft has added the ability to track and audit the grant of Lawfulness of Processing within our CRM and Marketing platform. Effective 25 May 2018, all new records created will be in compliance with this requirement. If your record was created prior to 25 May 2018, we will make a best effort to provide you with this information.
Consent
Requirement: Deft shall be able to demonstrate that you have consented to the processing of your information for business communications.
Remedy: Deft has defined processes for the ability to respond to requests for consent verification. Effective 25 May 2018, all new records created will be in compliance with this requirement. If your record was created prior to 25 May 2018, we will make a best effort to provide you with this information.
Withdrawal of Consent (Opt-Out)
Requirement: Deft shall be able to illustrate which communications you have provided consent to receive and provide the ability for this consent to be withdrawn upon your request.
Remedy: Deft has defined processes for the ability to Opt-Out of business communications in part or in total.
Rectification
Requirement: Deft shall be able to provide you with verification of any incomplete or inaccurate personal data upon request.
Remedy: Deft has defined processes for rectifying incomplete or inaccurate personal data, upon request.
Access & Portability
Requirement: Deft shall be able to provide you with the personal data you have provided to Deft in a structured, commonly used and machine-readable format.
Remedy: Deft has defined processes for providing individuals with the personal data they have provided to our company in a structured, commonly used and machine-readable format.
Right To Be Forgotten
Requirement: Deft shall be able to permanently delete all personal data the company has about you including, but not limited to, emails, call records, support ticket submissions, etc.
Remedy: Deft has defined processes for permanently deleting all personal data the company has about an individual including, but not limited to, emails, call records, support ticket submissions, etc.
However, certain personal data may be retained if such data is required for execution of the contract between the individual, the individual’s company and Deft.
Still need help? Send us a note!
There are many more requirements within the GDPR legislation. As an EU citizen, should you or anyone in your organization have any questions, please contact us:
Deft Legal Department
2200 Busse Rd.
Elk Grove Village, IL 60007 USA
privacy@deft.com