What is GDPR?
EU General Data Protection Regulation (GDPR) is an important step to strengthen data privacy rights to harmonize data privacy laws across Europe. The regulation was approved by the EU Parliament in April 2016 and came into effect on May 25, 2018. GDPR affects companies processing or controlling personal data of data subjects located in the EU.
What is personal data?
Personal data consists of any information that allows to identify a person directly or indirectly. This could be such things as a name, an email address, bank details, an IP address or a social media post.
- Art. 4 GDPR: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; Source: https://gdpr-info.eu/art-4-gdpr/
Frontify is GDPR compliant since May 25, 2018
At Frontify, data privacy has been an important foundation for all the work we have done in the past and it will continue to be an essential part of our company’s DNA. Regarding GDPR, we’ve conducted a thorough gap analysis, making us GDPR compliant since May 25, 2018. We have improved and incorporated various areas affected by GDPR, such as the legal basis for data processing, rights of data subjects, obligations of controllers and processors, privacy notice, security aspects, data breaches, privacy and data protection by design, data protection impact assessments, or data transfer mechanisms. We additionally expanded our team to further ensure data privacy.
Cross border data transfers and vendor checks
We make sure that personal data transferred outside of the EU is handled by trustworthy vendors. Vendors are regularly examined and individual data processing agreements are signed. When transferring personal data to the United States, checks of the validity of their EU-U.S. and Swiss-U.S. Privacy Shield act as a valid legal mechanism to comply with requirements.
We are here for you
If you have any inquiries or requests, please don’t hesitate to contact us at firstname.lastname@example.org
Download our latest Data Processing Addendum here.