What is the GDPR?
The General Data Protection Regulation (GDPR) was introduced to harmonize data privacy laws across Europe, to protect the data privacy of all EU citizens, and to shape the way organizations across the region approach data privacy. The GDPR replaced the Data Protection Directive 95/46/EC and came into force on May 25th, 2018. The full text of the GDPR can be found here.
GDPR significantly increased the responsibilities for organizations and businesses in how they collect, use, and protect personal data. At the centre of the new law is the requirement for organizations and businesses to be fully transparent about how they are using and protecting personal data, and to be able to demonstrate accountability for their data processing activities.
Why we welcome GDPR at Fortemont
At Fortemont, we understand the importance of putting privacy and data protection in the hands of our customers, so we are fully in compliance with the GDPR. We have carefully examined the relevant provisions of the GDPR and we closely followed applicable GDPR guidance issued by regulatory authorities. The GDPR strengthens individuals’ privacy rights through tighter controls over the processing of their personal data, significant expansion of their rights over their data, and increased transparency into the nature, purpose, and use of it. In our eyes, GDPR is a good thing.
What steps did we take in preparation for GDPR?
Data collection and processing audit
We reviewed all Fortemont activities and our entire product suite to identify where we are collecting and processing customer data. Based on this, we validated our legal basis for collecting and processing that personal data. We also ensured that we are applying the appropriate safeguards across our entire infrastructure (both hardware and software) to fully protect this data.
Updated Terms of Service and Privacy Policy
We have updated our Terms of Service and Privacy Policy. The updated versions clearly outline what personal data we’re collecting and processing, why, how we use it, who we share it with, and how long we store it for. As always, we aim to keep the language in our Terms of Service and Privacy Policy as clear as possible.
Data access, portability, and deletion
We know that you’ll want to provide the same level of GDPR compliance to your customers as we do to you. We made it easy to support your customers and give them the ability to access, handle, and delete their personal data. Because we operate on a self-service basis, you’ll always have full control over your own data, including autonomy in how you process your customers’ information. We also ensure that all of your data – and your customers’ data – is easily exportable in a commonly used, computer-readable format.
Breach management
As part of our HIPAA compliance, we already have management and communication processes in place in the unlikely event of a data breach; we’ve updated these to further comply with the GDPR.
We’re here to help
We know that navigating GDPR can seem daunting, but we’re here to help. If you have any questions or concerns regarding how we protect your personal data, please don’t hesitate to reach out to us at [email protected]