DirectorySpot and GDPR:
May 25th, 2018 marked the start of enforcement of the European Union’s General Data Protection Regulation. This new piece of legislation has had a great impact on anyone whose business involves handling personal data about EU residents or within the EU. Naturally, personal data is at the core of a directory, so the DirectorySpot team has also been busy to make sure that we are compliant. We invested in this compliance to ensure our EU customers (as well as any of our customers that have EU contacts in their directory), that their data is protected.
This article provides an overview of the data-related roles and responsibilities when you’ve chosen DirectorySpot as your directory solution and will explain our efforts to live up to the values and requirements of the GDPR.
DirectorySpot as the Data Processor
Using the DirectorySpot app to manage your contacts means that you have engaged DirectorySpot as a data processor to carry out certain processing activities on your behalf.
In the cases where DirectorySpot is processing personal data relating to data subjects located in the European Economic Area or the United Kingdom solely on your behalf, the terms of the Data Processing Addendum shall apply. The following terms have the meanings given in the General Data Protection Regulation (EU) 2016/679: “personal data”, “controller”, “data subject” and “process”.
What is DirectorySpot doing for the GDPR
As a company with customers in Europe and other countries outside of the US, DirectorySpot is up to speed with the implications that the EU General Data Protection Regulation has for businesses.
We appreciate the privacy needs of DirectorySpot customers as well as their users and, as such, have implemented — and will continue to improve — technical and organizational measures in line with the GDPR to safeguard the personal data processed by DirectorySpot.
We have established a process for onboarding third-party service providers and adopting tools that makes sure that these third-parties meet the high expectations that DirectorySpot and its customers have when it comes to privacy and security.
Readiness to comply with subject access requests
Data subjects’ ownership of their personal data is at the heart of the GDPR. We have created a readiness to respond to data subject requests to delete, modify, or transfer their data. This means that our Customer Support is well-prepared to help you in any matters involving your personal data, in addition to providing the awesome customer support experience that you are accustomed to.
In addition, to comply with GDPR, we have documented our response procedures for Data Subject Requests under the GDPR. We have also documented our Written Information Security Policy. Please contact our security team at firstname.lastname@example.org to obtain either of these documents.
All of the above is supported by training efforts so that the GDPR compliant processes are followed.
DirectorySpot is firmly committed to meeting GDPR requirements and to ensuring our global customers that we take security of their data very seriously. For us, these processes and procedures demonstrate our respect to individuals’ privacy and responsibility in handling personal data.