Our commitment to the upcoming EU Data Regulation.
The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It will take effect from May 2018.
At Whisk, we’ve been working hard to prepare for GDPR, to ensure that we fulfill its obligations and maintain our transparency about how we use data. We’ve been working with our teams and lawyers to figure out how to convert GDPR legal provisions into tangible actions. We’ve been asking lots of questions, and our customers have been asking us questions.
Here’s an overview of GDPR, and how we are preparing for it at Whisk.
The EU General Data Protection Regulation (“GDPR”) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace the existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.
Does it affect me?
Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How is Whisk preparing for GDPR?
Our teams have been working to define our GDPR roadmap. This is an overhaul of processes and data models to make sure we’re meeting our legal obligations, and doing the best thing for our customers while still letting us move fast, scale, and build great products.
Whisk is responsible for implementing the right measures to ensure our user data is processed and stored in compliance with GDPR. We are both a Data Controller and Processor.
We’re building new features
Our teams are building the necessary features that will enable our customers to easily and fully delete all data linked to an individual user. These will be released at the end of April 2018.
Whisk can help you meet your data portability requirements for GDPR: you can easily request an export of your user data that Whisk stores.
We’re updating our Data Processing Agreements (DPAs)
Strong data protection commitments are a key part of GDPR’s requirements. Our updated data processing agreement shares our privacy commitments and sets out the terms for Whisk and our customers to meet GDPR requirements. This will be available for customers to sign upon request.
We’re registered with the ICO
We're registered with the Information Commissioner's Office (ICO), the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
We’ve appointed a Data Protection Officer
We’ve appointed a Data Protection Officer to oversee and advise on our data management. Get in touch through the messenger or by emailing firstname.lastname@example.org.
We’re coordinating with our vendors
We’re reviewing all our vendors, finding out about their GDPR plans, and arranging similar GDPR-ready data processing agreements with them.
We take security measures seriously
Security is a priority for us. We’ve built a robust security framework over the past couple of years and reviewed our internal access design to ensure the right people have access to the right level of customer data. More details are available on our Security page.
We’ll keep sharing information on our progress, and we’ll also help ensure our customers and prospective customers are compliant.