The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, was adopted by the European Parliament and the Council with the stated objective “to give citizens back control over their personal data, and to simplify the regulatory environment for business.” In other words, GDPR strengthens privacy rules and unifies data protection for everyone located in the European Union (EU), regardless of citizenship.
The GDPR applies to ‘controllers’ and ‘processors’ of personal data, both for organizations established in the EU and for organizations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU. A controller determines the purposes and means of processing (the “why” and “how”); a processor processes personal data on the controller’s behalf and under its instructions. The official definitions of these terms are in Article 4 (Definitions) of the Regulation.
Does GDPR Impact me and my survey program?
If you hold Personally Identifiable Information (PII), which the Regulation calls personal data, about individuals in the EU, then YES, GDPR applies to your survey program.
What is my responsibility when sending information to SERVICE 800?
You will need to inform us that you hold personal data of individuals in the EU, and a GDPR-compliant data processing agreement must be in place before any of that data is sent to us. This applies regardless of whether you are a controller or a processor: if you will be passing any PII on EU individuals to SERVICE 800, we must have the contract in place first.
What are SERVICE 800's Responsibilities?
When you notify SERVICE 800 that you handle data on EU individuals, we will work with you to ensure the appropriate agreements between you, SERVICE 800 and your customers are in place. SERVICE 800 uses current security technologies and controls to protect client data.
The information below outlines some of the safeguards SERVICE 800 has in place to protect your customers' Personally Identifiable Information (PII).
Does SERVICE 800 adhere to Privacy Shield Principles?
YES, SERVICE 800 complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. Note that the Court of Justice of the EU invalidated the EU-US Privacy Shield as a transfer mechanism in July 2020 (Schrems II), so a separate lawful transfer mechanism (for example, Standard Contractual Clauses) should be confirmed in your data processing agreement for any transfer of EU personal data to the United States.
What geographic locations are system backups hosted in?
United States (North America, Microsoft Azure). Because backups are held outside the EU, this is an international transfer of personal data and must be covered by the transfer mechanism in your agreement.
Are encryption mechanisms in place for data at rest at the database layer?
YES, all systems containing client data are encrypted at rest using AES-256 (256-bit Advanced Encryption Standard).
Are encryption mechanisms in place for data in transit?
YES, connections to the reporting website are protected by transport encryption (HTTPS).
Are there backups for the system?
YES
Is active monitoring of the application audit logs performed and documented?
YES
Are systems subject to periodic evaluations?
YES, vulnerability scans are performed on a quarterly basis.