Q: What is GDPR?
A: GDPR stands for General Data Protection Regulation.
On May 25, 2018, the EU General Data Protection Regulation (GDPR) will become effective, bringing new global data protection rights for individuals in the European Union.
Teamable wholeheartedly supports the privacy rights of its customers and their users and is proactively working toward GDPR compliance by May 25, 2018.
As we all work to understand and apply GDPR concepts to our business, we’ve created the outline below to keep you informed of our efforts. We’ll be proactively reaching out to our customer base once we have best practices to share.
Q: What steps is Teamable taking to comply with GDPR?
A: Current Efforts
Consult with our counsel to understand legal interpretations of the GDPR requirements.
Work with other leading technology firms to understand the market’s general interpretation and best practices.
Perform a Data Protection Impact Assessment as a security review to determine compliance with GDPR security requirements and industry best standards.
Based on our research, we’re developing our working interpretative model as a reference and guide for internal processes.
Using our research and model, we’re defining the product roadmap necessary to allow Teamable as Controller and Teamable as Processor to work toward compliance with GDPR.
Our DPA is being revised to reflect both regulatory and operational changes related to GDPR.
Product & Process Implementation
We are beginning to implement pieces of the compliance roadmap within our product offering.
We are pursuing a full review of our vendors who act as sub-processors for Teamable data, auditing their approach to GDPR, and working on creating DPAs where necessary.
Communication & Messaging
Finalize and communicate strategy to internal employees, website visitors and customers.
Q: What product changes is Teamable making in anticipation of GDPR?
A: Product strategy is being finalized, and a definitive list of changes is forthcoming. We will be reviewing and implementing necessary product changes and adjustments relating to:
User identification processes and mechanisms.
Deletion mechanisms specific to identified users.
More fine-grained mechanisms to exclude specific data.
Q: How is Teamable thinking about compliance for you, our customers, and what do you need to do?
A: It is important to note that Teamable is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance.
We are a processor (and occasionally a subprocessor) with respect to the end users whose data Teamable receives: our customers’ users.
As a customer of Teamable, you are a data controller and Teamable is acting as your data processor for your users. In this respect, you’ll want to take the following steps as we approach May 25th:
If you have customers in the EU, we’ll be providing an updated DPA to get signed. Email firstname.lastname@example.org for more information.
Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
Think about how you’ll handle consent on your site. Watch for updates from Teamable related to product functionality or T&C changes.