Connecteam is GDPR ready
At Connecteam, nothing to us is more important than the success of our customers and the protection of their personal data. With customers all around the world, we adhere to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We’re here to help our customers in their efforts to comply with the GDPR.
What is GDPR?
In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation, commonly known as the GDPR. It’s a mandatory ruling that applies to all companies that collect the data and information of EU individuals and meet certain territorial requirements. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad and covers almost any information relating to a specific individual.
When are these regulations starting to be enforced?
All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.
Controllers and Processors
The GDPR defines and distinguishes between two types of parties and responsibilities when it comes to collecting and processing personal data: data controllers and data processors. A data controller determines the purposes and ways that personal data is processed, while a data processor is a party that processes data on behalf of the controller. That means that the controller could be any company or organization. A processor could be a SaaS, IT or other company that is actually processing the data on behalf of the controller. Connecteam is a Data Processor. Connecteam customers (the organizations who use Connecteam) are Data Controllers. The controller is responsible for making sure that all processors with whom it deals are GDPR compliant, and the processors themselves must keep records of their processing activities.
What steps were taken by Connecteam following the GDPR requirements?
We welcome the arrival of GDPR and view the regulations as raising the bar for data protection, security, and compliance. We will continue to be committed to our customers and users to help them comply with the GDPR while using Connecteam as their data processor.
We worked with our engineering, product, security and legal teams to bring both our product and our legal terms in line with the GDPR, and we will continue to ensure they stay in line. As part of Connecteam’s GDPR readiness project we’ve taken the following steps:
- Reviewed and strengthened our security infrastructure and practices, data encryption in transit and at rest, backup, logs and security alerts.
- Carried out a risk assessment and data mapping process to make sure any data that may be stored or processed is processed and managed according to the GDPR instructions.
- We’ve made sure we have the appropriate contractual terms in place, to perform our role as a data processor for our customers while complying with the GDPR.
- We’ve put in place all the internal procedures, processes and controls, and recurring training sessions for the team, to ensure our ongoing compliance with the GDPR.
- Performed security and privacy assessments of our sub-processors to ensure they are all complying with the GDPR requirements.
- We’ve appointed a Data Protection Officer (DPO).
- We’ve developed, and are now making available, product features that allow the organization to deal with data deletion:
  - Delete user profile: Admins can now delete users’ personal data from the system (on their own initiative or at the user’s request); this will allow the organization to meet the GDPR requirements. This will delete the user name, phone, email, picture, address, title, social networks references, and other customer fields if provided. Deleted users will be backed up for 180 days.
  - Delete account: While canceling an account, admins can decide if they want to keep the organization information backed up (including personal data) for future use or delete it permanently.
We’ll continue to monitor the guidance around GDPR compliance and will ensure that our product and processes comply with that guidance when it becomes effective.
Does Connecteam offer a Data Processing Agreement (DPA)?
Yes. You can view our Data Processing Agreement/addendum (DPA) online. If you need a signed copy of the DPA, you can download it, send a signed copy to [email protected] and we’ll provide you a countersigned copy.
Does Connecteam have a Data Protection Officer (DPO) appointed?
Yes. We have appointed Advocate, Chen Shofar, as our Data Protection Officer, for monitoring and advising on Connecteam’s ongoing Privacy compliance, and serving as a point of contact on Privacy matters for data subjects and supervisory authorities. Chen may be reached at [email protected]
Does the GDPR prevent a company from storing data outside of the EU?
Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors adhere to the necessary regulations and protections. At Connecteam, we store our data with Microsoft Azure and Amazon Web Services (AWS), which are both based in the EU (Azure in the Netherlands, AWS in Germany). Like Connecteam, Azure and AWS have announced that they are GDPR ready.
Where can I learn more about GDPR?
Additional information is available on the official GDPR website of the European Union.
I have more questions. Who should I contact?
If you have any additional questions about the GDPR you are welcome to contact us at [email protected]
Do you have an EU Representative?
Yes. Maetzler Rechtsanwalts GmbH & Co KG has been designated as Connecteam’s representative in the European Union for data protection matters pursuant to Article 27 of the GDPR. Maetzler Rechtsanwalts GmbH & Co KG may be contacted only on matters related to the processing of Personal Data. To make such an inquiry, please contact Maetzler Rechtsanwalts GmbH & Co KG through this contact form.