What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
When the GDPR takes effect, it will replace the 1995 Data Protection Directive.
GDPR becomes enforceable from 25 May 2018.
If you want to read more about GDPR, visit this page:
Our commitment to GDPR Compliance
At Survicate, we write Customer with a capital "C". We do our best to implement services that fulfill our Customers’ needs. One of our Customers’ most important requirements is the security of their data, which is why it is paramount for us. Survicate understands how the fulfillment of GDPR obligations will improve the protection of our Customers’ data.
We are fully committed to achieving compliance with the GDPR prior to the regulation’s effective date.
Here’s an overview of how we are preparing for GDPR at Survicate:
• Form a GDPR compliance team and assign responsibilities. COMPLETED
• Assess GDPR readiness – thorough research of the areas of our product and our business impacted by GDPR. COMPLETED
• Appoint a Data Protection Officer. COMPLETED
• Review data protection policies, procedures, processor and sub-processor agreements. COMPLETED
• Develop requirements of product changes to fulfill GDPR obligations. COMPLETED
• Implement the required changes to our internal processes, policies, procedures, and processor and sub-processor agreements to achieve compliance with GDPR. COMPLETED
• Perform the necessary changes to our product based on the requirements. COMPLETED
• Perform an audit of all changes to verify and validate compliance with GDPR. COMPLETED
• Communicate our compliance with GDPR. COMPLETED
Survicate engaged with outside attorneys on our approach. We felt this was very important because the legislation is so new and far-reaching.
More information about our approach to GDPR compliance
Privacy by design and by default:
Our application has been checked in terms of the scope of collected data and the method of the information breach. We used the privacy by design (PBD) procedure.
Data processing agreement:
Each user accepting the regulations agrees to the conditions of entrusting personal data. In addition, your company may enter into a data protection agreement. If you have questions, please contact: email@example.com.
Security is important:
We undertake an analysis of the risks, and we have procedures. Here are some of them:
- When deciding what measures to implement, we take account of the state of the art and costs of implementation.
- We have an information security policy and take steps to make sure the policy is implemented.
- Where necessary, we have additional policies and ensure that controls are in place to enforce them.
- We make sure that we regularly review our information security policies and measures and, where necessary, improve them.
- We have put in place basic technical controls such as those specified by established frameworks like Cyber Essentials.
- We understand that we may also need to put other technical measures in place depending on our circumstances and the type of personal data we process.
- We use encryption and/or pseudonymization where it is appropriate to do so.
- We understand the requirements of confidentiality, integrity, and availability of the personal data we process.
- We make sure that we can restore access to personal data in the event of any incidents, such as by establishing an appropriate backup process.
- We conduct regular testing and reviews of our measures to ensure they remain effective and act on the results of those tests where they highlight areas for improvement.
- Where appropriate, we implement measures that adhere to an approved code of conduct or certification mechanism.
- We ensure that any data processor we use also implements appropriate technical and organizational measures.