General Data Protection Regulation (GDPR)
What is GDPR?
In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It will come into effect on May 25, 2018.
Why is GDPR important?
GDPR adds some new requirements regarding how companies should protect individuals’ data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches. We are following the developments about GDPR and are taking the necessary steps to become compliant.
Does GDPR require that my information be stored in the EU?
No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU.
Who are your sub-processors?
We share certain information with companies that may be considered our “sub-processors” under GDPR. This information is limited to the following:
- We use Olark as help desk software to communicate with our customers. Sometimes these communications include the personal information of your customers.
- We use Amazon Web Services (storage), SendGrid (email), Stripe (payment) and DigitalOcean (website). These companies host the data on physical and cloud servers that we pay for.
How do you manage access to my information (DSR requests)?
As of now, our intention is to service DSR requests (such as delete and export) manually. If you have an account with us, you may access, correct, or request that we delete your personal data by contacting us at email@example.com.
Your request can include personal data of other individuals, such as your employees or customers, that you have provided to us and who have requested this of you. We will respond to these requests within 14 days, which is well within the GDPR requirement of 30 days.
What has ALBUMDRAFT done to comply with GDPR?
We have implemented and are implementing changes
Our compliance, data protection, and information security teams are working to prepare our services for GDPR. We reviewed our data processing activities, and are making any changes that are needed in advance of the GDPR effective date.
We are here for you
We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data and how we are gearing up for GDPR. If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org.