Work.Management’s Commitment to GDPR Compliance
The General Data Protection Regulation (“GDPR”) is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. Work.Management has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Work.Management has taken to align its practices with the GDPR include:
Data Processing Agreements
Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). Work.Management offers its customers who are controllers of EU personal data the option to enter into a robust data processing agreement under which Work.Management commits to process and safeguard personal data in accordance with GDPR requirements. This includes Work.Management’s commitment to process personal data consistent with the instructions of the data controller.
International Data Transfers
As with prior EU data protection laws, the GDPR requires organizations to use a recognized legal mechanism to transfer data from the EU to other countries that do not have a similar data protection framework, including the United States. To comply with this requirement, Work.Management is certified under the EU-US Privacy Shield framework, which requires it to maintain certain safeguards for personal data transferred to the United States. Additionally, Work.Management offers customers who are data controllers of EU personal data the option to enter into EU Model Contractual Clauses with us upon request.
Data Access, Management, and Portability Tools
The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Work.Management. Have implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network.
Ongoing Compliance and Communication
The GDPR’s requirements are comprehensive, but the law and regulatory guidance will evolve. As data protection authorities in Europe interpret the GDPR’s requirements and issue guidance, we will continue to follow these developments closely and evaluate our program for any changes or enhancements as needed. We value communication with our customers. If you have any questions about our GDPR compliance efforts, or if you are a data controller customer with questions about how we can help support your own GDPR compliance efforts, please contact us at firstname.lastname@example.org.