🇪🇺 EU GDPR
Your Personal Data Matters To Us | GDPR
🛡️ Safeguarding the security of your data and ensuring compliance is an essential part of our mission. We continue to invest effort and resources in improvements in this area.
On May 25, 2018, a European privacy law, the General Data Protection Regulation (GDPR), took effect.
The GDPR imposes new rules on companies and organizations that offer goods and services to people in the European Union (EU) or that collect and analyze data tied to EU residents. This article emphasizes how kopilot will help you to meet the upcoming GDPR requirements.
GDPR Article 4 makes a clear distinction between the data controller, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”, and the data processor, “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
kopilot has both roles.
We are a controller when managing data of our employees, clients, and contacts.
We are a processor concerning your data: our platform facilitates the reporting and may refer to clients, users, and contacts, yet we do not control the information you choose to manage. As a data processor, we provide the tools that help you achieve GDPR compliance.
As a data processor, we provide tools and assistance to help our clients become GDPR compliant:
- Data is stored in the EU region (Ireland & Germany).
- We have data processing agreements in place with our subcontractors to ensure they will respect our obligations as a data processor.
- We continuously invest in technical and organizational measures to safeguard the safety and reliability of our platform.
- Our internal policies and procedures have been updated to comply with the different obligations under GDPR.
- We added extra functions in kopilot to facilitate GDPR compliance (e.g., when deleting an account, there is the option to hard-delete the record from our systems).
It is important to note that it is your responsibility to respect GDPR guidelines as a data controller. Keep in mind the following principles as you and your team prepare:
- Personal data collected needs to be processed in a fair, legal, and transparent way. It should not be used in any way that a person would not reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need personal data when they collect it.
- Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
- EU citizens have the right to access their data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization without hindrance.
- All personal data needs to be kept safe and secure, and companies undertaking certain types of activities are now required to appoint a data protection officer (DPO).
More information is available on gdpr-info.eu. We advise contacting a lawyer should you have specific questions on your obligations under the GDPR.