The European Union’s General Data Protection Regulation (GDPR) protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.
- In the last year we had cross functional team collaboration to achieve GDPR readiness. Executive sponsorship from Technology, Security, Legal, Marketing and Operations.
- All customers data is stored with AWS servers who complies for the GDPR.
- All employees understand their role to ensure GDPR compliance and are trained on GDPR to handle all the personal data appropriately as per GDPR requirement.
- Personal Data and Processing Activity register in place to have a track of all the the personal data being collected and processed by the organization.
- Data Processing Impact Assessment procedure in place and DPIA done for all the processors and controllers.
- Internal Audit done for all the products and all our products are now GDPR compliant.
- EasyCSM as per the GDPR principle is following Privacy by Design concept.
- Response procedure in place for any incident of data breach as per our Data Breach Policy.
- Response procedure in place for retention of personal data as per our Data Retention Policy in place.
- Subject Access Request procedures in place to handle all requests of data subject as per GDPR rights.
- Technical Safeguards in place to ensure security of all the personal data.
By nature of EasyCSM’s integration architecture, you determine what data is sent over for processing. Accordingly, your company acts as the controller and must abide to a set of core principles regarding the handling of the personal data, as outlined in the next sections of this document.
First of all, as part of the GDPR principles, you should avoid sharing unnecessary personal data with EasyCSM. Typically, the only class of personal data you should share with EasyCSM is contact information (name, business email/phone) and you should NOT share other classes of data (e.g. health-related data, sexual orientation, religion-related information) that are not relevant to managing the customer’s success with your service.
You can view the latest DPA here.