What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in European Union law regarding data protection. It aims to give control over their personal data to citizens and residents of the EU as well as to unify regulations for international business.
It was adopted on April 27, 2016 and became enforceable on May 25, 2018.
Who does the GDPR affect?
The players:
- Data Controller - Organization that collects data from EU residents
- Data Processor - Organization that processes data on behalf of a data controller
- Data Subject - Citizen or resident of the EU
The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to EU subjects. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company’s location.
Jackrabbit and the GDPR
Jackrabbit takes data security and privacy very seriously and is committed to protecting our clients' data, privacy, and personal information across the globe.
We are proud to say we have taken steps to ensure we support and comply with the EU's General Data Protection Regulation (GDPR).
As the data processor, we have appointed an in-house DPO (Data Protection Officer). We engaged counsel specializing in GDPR who assisted us by reviewing our data and privacy procedures. They helped us pull together the necessary supporting documentation, processes and procedures to comply with the GDPR and also to provide our clients with the documentation they need.
We believe the GDPR is a big step in the right direction towards better data protection and privacy.
Update: May 10, 2018
Our retained counsel has completed a review of our data mapping inventory and summarized this information into a GDPR Data Mapping Chart for our use. This has been identified as the best first step in getting the vast areas of GDPR implemented.
As a result, they are drafting two new documents for us:
- A new public "privacy policy" which will be high-level and for public consumption, likely linked on our websites.
- A more specific Data Privacy document for our clients stating what our data protections, security practices and commitments are for the GDPR.
Under consideration is an additional "Privacy Policy" link (or links) shown to the parent during the registration process. GDPR does not state specifically HOW or WHERE we should do this, only that the privacy policy be made available. It can be included as a link from their website, in their Registration form Agreement text (legalese) or within an Email template. We are working on the logistics of this.
Update: May 23, 2018
Based on guidance from our legal counsel, we now have a new “Data Privacy and Data Security Agreement” that can serve as a “contract” between a client in the EU (acting as the “Controller” of the personal data) and Jackrabbit (acting as a “Processor” of the personal data) and satisfies Article 28.3 of the GDPR.
Our Data Privacy and Data Security Agreement is available on request. Send us an email at billing@jackrabbittech.com if you’re interested in receiving one.
We have also updated our public Privacy Policy to include the newer GDPR language. Click here to read our complete Privacy Policy.