Pathways for GDPR Readiness
REVLINKER is committed to the confidentiality, data privacy and security of its enterprise customers and their end-users. We are investing and will continue to invest extensive resources towards maintaining the highest levels of data protection, privacy and security standards. We are compliant with applicable laws and regulations, and are committed to compliance with the EU GDPR and related guidelines well before the May 2018 deadline.
The GDPR applies to anyone collecting or processing personal data of individuals within the EU. Some of the key privacy and data protection requirements of the GDPR include:
- a) processing of personal data must be lawful, fair and transparent – meaning that personal data needs to be used under a valid consent of the data subject and only in connection with the services provided; (b) personal data should be stored and used for the minimum amount of time necessary for the services provided; (c) there needs to be a well-defined, clear purpose for the use of the personal data; (d) personal data must be kept secured and confidential, (e) a person has the right to control their personal data, including the right to access it and to have it deleted; and (f) corporate personal data processes and policies must be clearly delineated.
In light of the above,
- REVLINKER only processes personal data in relation to the services it provides to its customers per their instructions and configuration. We obtain assurances that personal data we receive is provided to us in accordance with applicable laws under required consents and legal grounds.
- We do not sell or re-broker client data.
- REVLINKER’s data processing has been designed to be performed through EU-based AWS and Google Cloud servers.
- REVLINKER is already EU-US Privacy Shield certified, and maintains stringent data confidentiality, privacy, security, processing and storage standards.
- REVLINKER is SOC II and TRUSTe certified and undergoes infosec annual audits and certification renewal processes.
- REVLINKER provides its clients and its clients’ end-users the ability to opt-out of the processing of personal data.
- REVLINKER offers the ability to anonymize and hash personal data, in a manner than maintains the quality and accuracy of the services.
- REVLINKER provides its clients the option to have all personal data of their end-users processed in the EU (including EU approved countries with an adequate level of data protection). Clients wishing to access this data outside of the above-mentioned regions will sign a DPA or the required EU Standard Contractual Clauses.
- REVLINKER maintains corporate policies and procedures ensuring data privacy and information security.
What Is GDPR? How Does It Affect REVLINKER Clients?
GDPR, or the General Data Protection Regulation, is the European Union’s new privacy law that updates and enhances its data protection requirements. Among the changes in the new rules, the definition of personal data has been broadened, and with it the scope of who is covered by the law.
Under GDPR, any company that markets products and services to individuals in the EU is affected, even when that company is not located in the EU. This means that GDPR applies to all REVLINKER clients located in the U.S. and around the world that work with the personal data of individuals who reside in the European Union.
You can read the full GDPR FAQ here >> https://www.eugdpr.org/gdpr-faqs.html.