GDPR

Disclaimer: None of the content below is legal advice. Please seek legal counsel for specific recommendations related to GDPR compliance.

What is GDPR?

GDPR is a comprehensive set of policies designed to safeguard the privacy of citizens of the EU. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
Specifically, the GDPR grants the following rights to every EU citizen:

  1. The right to be informed about what personal data you intend to maintain, why access to that data is required and how you intend to process it.
  2. The right of access to the personal data that you hold about them, at no extra cost.
  3. The right of rectification of inaccuracies in their personal information.
  4. The right to erasure of their personal information from your systems, and third-party systems to which this data may have been propagated.
  5. The right to restrict processing of their personal data.
  6. The right to data portability.
  7. The right to object to further processing of their personal data.
  8. Rights regarding automated decision making.

The following are the key principles for the GDPR:

Consent Management:

If you collect and/or process personal information, then you must ensure that you do so only with clear and specific consent of your users.

The onus is on you to ensure that your users know exactly what they are signing up for. To do so you can simplify the language of your Terms of Service and Privacy Policy, clearly mentioning what personal data you intend to hold and process.

Information Security:

The GDPR requires businesses to take necessary measures to ensure a high level of information security. If you save or process the personal data of EU citizens, then you are accountable for securing this data as per industry best practices. Screen-Magic is ISO 27001 certified and has taken measures for securing the data.

The GDPR also requires some organizations to appoint a dedicated Data Protection Officer (DPO). Consult with a GDPR expert to ascertain if your organization needs to appoint one.

Data Minimization:

This is one of the key points for GDPR compliance. Under data minimization, you should hold only the minimum personal information you need to offer your services effectively.

Additionally, personal data should only be maintained for the period necessary and should be deleted once its utility is lost.

Today, data storage is inexpensive. As a result, modern systems and products tend to maintain data in excess, and for longer periods of time. We recommend you do a thorough audit of your data systems and logging strategy.

What is Screen-Magic doing to get GDPR ready?

Screen-Magic has been working on a dedicated roadmap that places customer consent, information security, and data minimization at the very core of its GDPR compliance. Though Screen-Magic does not have any physical location/office in the EU, it understands that many of Screen-Magic's clients will need to comply with GDPR and will require Screen-Magic to be GDPR compliant.

Thus, through its GDPR program, Screen-Magic assures its clients that they can continue using our product with the same confidence and trust that they have demonstrated toward the Screen-Magic product.

Below are the details on how we are preparing to be compliant by implementing specific technical, organizational, and legal measures to address data privacy and security concerns.

  • Screen-Magic has started the process of implementing the specific technical and organizational measures to ensure data privacy and security.
  • Internal processes and protocols are being put in place to address the GDPR requirements with regard to the storage, processing, and control of personal data.
  • Screen-Magic has started the process of revising the contractual terms in the form of the Data Processing Addendum/Agreement in accordance with the GDPR requirements.

Our Data Processing Agreement will be shared with all customers before May 25, 2018, at which point it will come into effect. This document will work as an addendum to our standard Terms of Use and Privacy Policy. If you continue using the Screen-Magic product after that date, your actions will be construed as acceptance of the terms of the Data Processing Agreement.

Conclusion:

As your communications partner, we understand that our compliance with GDPR is critical for your business. We are taking the appropriate actions to ensure your customer data stays safe. We will continue to share regular updates about upcoming changes.