EU General Data Protection Regulation (GDPR) is an important step to strengthen data privacy rights to harmonize data privacy laws across Europe. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018. GDPR affects companies processing or controlling personal data of data subjects located in the EU.
What is personal data?
Personal data consists of any information that allows to identify a person directly or indirectly. This could be such things as a name, an email address, bank details, an IP address or a social media post.
- Art. 4 GDPR: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Source: https://gdpr-info.eu/art-4-gdpr/
Frontify is GDPR compliant since May 25, 2018
At Frontify, data privacy has been an important foundation for all the work we have done in the past and it will continue to be an essential part of our company’s DNA. Regarding GDPR, we’ve conducted a thorough gap analysis, making us GDPR compliant since May 25, 2018. We have improved and incorporated various areas affected by GDPR, such as the legal basis for data processing, rights of data subjects, obligations of controllers and processors, privacy notice, security aspects, data breaches, privacy and data protection by design, data protection impact assessments, or data transfer mechanisms. We additionally expanded our team to further ensure data privacy.
Cross border data transfers and vendor checks
We make sure that personal data transferred outside of the EU is handled by trustworthy vendors who have signed individual Data Processing Agreements and are regularly audited. In order to transfer personal data to the US we rely on the EU Standard Contractual Clauses (SCCs) as a valid transfer mechanism to comply with the legal requirements.
We are here for you
If you have any inquiries or requests, please don’t hesitate to contact us at firstname.lastname@example.org.
Download our latest Data Processing Addendum here.