What is the GDPR?
The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual.
It will be a single set of rules which govern the processing and monitoring of data of EU citizens and residents.
In simpler terms - we both hold and process your private data (like your name), so under the new regulations it means that we just need to take some additional steps to ensure that your data is secure, and that you're okay with us handling your data.
What do you need to do?
Nothing. We've done it all for you!
What is Figured doing about the GDPR?
Figured has always believed in the fundamental rights our users have to their own data, and take very seriously the trust placed in us by our users to maintain the security, integrity and availability of their information.
We welcome the principles around data privacy and security that are set out by the GDPR and are committed to demonstrating compliance by the 25 May 2018.
This is a summary of what Figured has done to ensure we are compliant with the GDPR:
- We conducted an assessment of our obligations under the GDPR and ran a project to ensure that we were compliant with the regulation ahead of 25 May 2018.
- We've updated our Privacy Notice to be compliant with the GDPR.
- We've updated our internal Incident Response framework to be compliant with the GDPR.
- Performed a data mapping exercise to record how we process and store any personal data that we collect.
- We have reviewed the basis for our transfer of data outside the EEA and have in place appropriate protections, this is detailed in our Privacy Notice.
- Reviewed our agreements with the sub-processors used by Figured to ensure they are compliant with the GDPR as a data processor.
- We've appointed a Data Protection Officer to oversee our compliance with the GDPR and serves as the point of contact between Figured and Supervisory authorities. This is Richard Wyke, our Chief Technology Officer. Richard can be contacted on matters relating to our compliance with the GDPR at firstname.lastname@example.org.
- Our representative in the European Union is Figured Software UK Limited (Company Number 11377806) and can be contacted on matters related to the processing of data via email@example.com.
If you're interested in reading about our sub-processors (other companies who process your data) at Figured, then you can check out the article here which outlines who they are, what they do, and where in the world they are.
Can you send me the information you have for me?
Absolutely! Send us an email at firstname.lastname@example.org and within the set 30 days we'll provide you all of the data we hold for your account. This is called a subject access request.
The GDPR only applies to EU residents, but we're more than happy to do this for any of our other users in the world as well.
If you'd like us to remove any of your data, just send us an email and we can do that for you too.