Compliance with GDPR is a mandatory exercise in all organizations. The regulation is aimed at protecting EU citizens’ personal data and increasing the transparency of the ways in which data is used. It applies to any business across the world that holds or processes data of EU citizens.
In this context, our product and marketing teams at Easygenerator have made an effort to ensure that the authoring tool and the website are GDPR compliant.
Here’s an overview of GDPR, and how we prepared for it at Easygenerator:
What’s GDPR?
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced the existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
How Easygenerator complies with GDPR
Easygenerator implemented its company-wide GDPR compliance strategy ahead of the May 2018 due date. Here are the main things we did to ensure we set up ourselves and our customers to meet GDPR obligations:
Data Processing Agreements
We documented all the customer details that surface along the user journey of our product and website.
We maintain a record of what personal data we hold, where it came from, and how we store it.
We updated our Privacy, Security, and Usage Terms & Conditions with data protection agreements.
We clearly specify the consent, retention, and purpose of data (why we want the data and what we’re going to do with it).
Where we are storing and transferring personal data, we implemented the right encrypted transmission mechanism to safeguard the user's information.
When processing personal data regulated under GDPR, we follow the security and privacy measures required under GDPR.
Our processor's agreement is available here.
Consent
We updated the product (sign-up, features, etc.) and also the website (newsletters, cookies, etc.) to clearly communicate the explicit consent and opt-out options.
Deletion
We documented the procedures to handle data requests from our users and also added new features to allow them to delete their personal details from the product.
3rd party vendors
We review all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
Security measures
We ensure that Easygenerator’s employees have been trained in handling personal data and are bound to maintain the confidentiality and security of that data.
We implement the right procedures to detect and report any data breaches. Our framework regularly monitors access and attempts on our servers.
We will notify regulators, customers, and users of breaches promptly, as required by the GDPR.
We are ISO 27001 certified, which not only provides us with instructions on how to keep the acquired data secure and confidential but also helps us to recognize security breach incidents immediately and take appropriate action.