EU General Data Protection Regulation (GDPR) is an important step to strengthen data privacy rights to harmonize data privacy laws across Europe. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018. GDPR affects companies processing or controlling personal data of data subjects located in the EU.
Personal data consists of any information that allows to identify a person directly or indirectly. This could be such things as a name, an email address, bank details, an IP address or a social media post.
At Frontify, data privacy has been an important foundation for all the work we have done in the past and it will continue to be an essential part of our company’s DNA. Regarding GDPR, we’ve conducted a thorough gap analysis, making us GDPR compliant since May 25, 2018. We have improved and incorporated various areas affected by GDPR, such as the legal basis for data processing, rights of data subjects, obligations of controllers and processors, privacy notice, security aspects, data breaches, privacy and data protection by design, data protection impact assessments, or data transfer mechanisms. We additionally expanded our team to further ensure data privacy.
We make sure that personal data transferred outside of the EU is handled by trustworthy vendors. Vendors are regularly examined and individual data processing agreements are signed. When transferring personal data to the United States, checks of the validity of their EU-U.S. and Swiss-U.S. Privacy Shield act as a valid legal mechanism to comply with requirements.
If you have any inquiries or requests, please don’t hesitate to contact us at firstname.lastname@example.org
Download our latest Data Processing Addendum here.