Compliance with GDPR is a mandatory exercise in all organizations. It is aimed at protecting EU citizens’ personal data and increasing the transparency of the ways in which data is used. This is applicable to any business across the world that holds/processes data of EU citizens.
In this context, our product and marketing teams at Easygenerator have made an effort to ensure that the authoring tool and the website are GDPR compliant.
Here’s an overview of GDPR, and how we prepared for it at Easygenerator:
What is GDPR?
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced the existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It’s a single set of rules which govern the processing and monitoring of EU data.
How Easygenerator prepared for GDPR
Easygenerator implemented its company-wide GDPR compliance strategy ahead of the May 2018 due date. Here are the main things we did to ensure we set up ourselves and our customers to meet GDPR obligations:
Data Processing Agreements
- We documented all the customer details that surface all along the user journey of our product and website.
- We are maintaining a record of what personal data we hold, where it came from and how we store them.
- We updated our Privacy, Security and Usage Terms & conditions with data protection agreements.
- We clearly specify the consent, retention, and purpose of data (why we want the data and what we’re going to do with it).
- Where we are storing and transferring personal data, we implemented the right encrypted transmission mechanism to safeguard the user information.
- When processing personal data regulated under GDPR, we follow security and privacy measures required under GDPR.
- Our processor’s agreement is available here.
We updated the product (sign up, features, etc) and also the website(newsletters, cookies, etc) to clearly communicate the explicit consent and opt-out options.
We documented the procedures to handle data requests from our users and also added new features to allow them to delete their personal details from the product.
3rd party vendors
We review all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
- We ensure that Easygenerator’s employees have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
- We implement the right procedures to detect and report any data breaches. Our framework regularly monitors the access and attempts on our servers.
- We will notify regulators, customers, and users of breaches, promptly as required by the GDPR.