What is GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law that was approved by the European Commission in 2016 and went into effect on May 25, 2018. The GDPR replaces a prior European Union privacy directive known as Directive 95/46/EC, which had been the basis of European data protection law since 1995. The GDPR is an attempt to strengthen and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and delete personal data. In a nutshell, it’s giving EU citizens and residents control over their personal data while simplifying the regulatory environment for international business taking place in the EU.
The Data Protection Principles include requirements such as:
- Personal data collected must be processed fairly, lawfully, and transparently, and should only be used in a way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data should be held no longer than necessary to fulfill its purpose.
- People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.
Why is it important?
GDPR adds some new requirements regarding how companies should protect individuals’ personal data that they collect and process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. Beyond these facts it’s simply the right thing to do. At TaxDome we strongly believe that your data privacy is very important and we already have solid security and privacy practices in place that go beyond the requirements of this new regulation.
Data Processing Amendment
We offer a data processing amendment (DPA) for our customers who collect data from folks in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers.
To guarantee no terms are imposed on us beyond what is reflected in our DPA and Terms of Service, we cannot agree to sign customers’ DPAs. As a small team we are unable to make individual changes to our DPA as we do not have a legal team on staff. Any changes to the standard DPA would require legal counsel and a lot of back and forth discussion that would be cost-prohibitive for our team.
If you have any questions or concerns please let us know.
Training and Awareness
We’ve formed a core privacy team of leaders from each area of the TaxDome business, headed by our internal Data Protection Officer (DPO). The representatives in this group are the project managers who will ensure all the requirements of GDPR are covered from Marketing to Engineering to People Ops. The team meets once a month to discuss current progress towards GDPR readiness and will continue to do so. This team is also responsible for developing the TaxDome GDPR awareness training program and validating that everyone at TaxDome understands and keeps up to date on the current regulation.
We have reviewed and identified all the areas of TaxDome where we are collecting and processing customer data; categorizing and taking inventory of everything from cookies to help desk conversations. Using this matrix we have validated our legal basis for collecting and processing personal data and double checked that we are applying the appropriate security and privacy safeguards across our entire infrastructure and software ecosystem. Our Privacy Policy identifies what we are doing with the data we collect and how we manage consent.
Updates to our third party vendor contracts
We reviewed our list of third-party vendors and performed a deep review of their GDPR compliance. We already had DPAs in place with most of our vendors who offer a signed version, while others took the same approach as us and had the DPA be automatically accepted as part of the Terms of Service.
Individual Data Subject’s Rights — Data Access, Portability and Deletion
We are aware that if you are working with EU customers, you need to be able to provide them with the ability to access, update, retrieve and remove personal data. We got you! We’ve been set up as self service from the start and have always given you access to your data and your customers’ data. You can search for and delete any end user’s conversation through our help desk UI. Our customer support team is here for you to answer any questions you might have.
Risk Assessment (data protection impact assessments)
Having a managed data protection impact assessment (DPIA) process is a requirement for GDPR. A DPIA process is simply a way to help us identify and minimize the data protection risks of a project. The TaxDome engineering team has always undergone security and privacy due diligence when making tooling and implementation decisions, so this requirement is an easy one for us. Any time we introduce a change to the way we handle personal data, we spend time discussing the potential impact on customers of TaxDome and possible privacy and security risks to personal data. If any risk is identified, no matter how small, our product and engineering teams collaborate on a solution that will mitigate the data privacy and security risk to anyone who interacts with the TaxDome platform. We will continue to execute this risk assessment process as we expand the TaxDome offerings.
We already have a breach management and communication plan in place to support the requirements of HIPAA and have updated this existing process to comply with the GDPR regulations concerning the escalation process and requirements for data subject notification.
We are here for you
We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data and gearing up for GDPR. If you have any questions, please don’t hesitate to reach out.