EU General Data Protection Regulation (GDPR) is an important step to strengthen data privacy rights to harmonize data privacy laws across Europe. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018. GDPR affects companies processing or controlling personal data of data subjects located in the EU.
Personal data consists of any information that allows to identify a person directly or indirectly. This could be such things as a name, an email address, bank details, an IP address or a social media post.
At Frontify, data privacy has been an important foundation for all the work we have done in the past and it will continue to be an essential part of our company’s DNA. Regarding GDPR, we’ve conducted a thorough gap analysis, making us GDPR compliant since May 25, 2018. We have improved and incorporated various areas affected by GDPR, such as the legal basis for data processing, rights of data subjects, obligations of controllers and processors, privacy notice, security aspects, data breaches, privacy and data protection by design, data protection impact assessments, or data transfer mechanisms. We additionally expanded our team to further ensure data privacy.
We make sure that personal data transferred outside of the EU is handled by trustworthy vendors who have signed individual Data Processing Agreements and are regularly audited. In order to transfer personal data to the US we rely on the EU Standard Contractual Clauses (SCCs) as a valid transfer mechanism to comply with the legal requirements.
If you have any inquiries or requests, please don’t hesitate to contact us at email@example.com
Download our latest Data Processing Addendum here.