Compliance with the new European Union (EU) General Data Protection Regulation (GDPR), which is due to take effect from 25 May 2018, has been and will continue to be a focus for World Manager for 2018 and beyond.
As part of our GDPR readiness project, World Manager commissioned Information Security experts to perform an independent Privacy Gap Analysis against the General Data Protection Regulation (GDPR) for the World Manager platform.
The Privacy Gap Analysis found that with respect to the GDPR, World Manager is classified as a Data Processor, meaning that the requirements potentially applicable to it are reduced compared to the requirements for Data Controllers. It also found that World Manager’s relationship with its Brands (customers) means that Brands are defined as the Data Controllers for their respective data.
Based on the results of the above Gap Analysis and the recommendations provided, we have already completed, or are in the process of completing, the following to ensure GDPR compliance:
- Brand Agreements will be made clearer with regard to responsibilities surrounding user data as per GDPR requirements.
- We have identified any missing or out-of-date internal documentation or documented processes relating to privacy or GDPR and have taken steps to ensure that these are either updated or are in the process of being updated as per GDPR requirements.
- We have developed an Incident Response Plan and Notification Plan to supervisory authorities, data controllers (Brands) and data subjects in accordance with GDPR (and Australian Privacy Act/NDB) requirements.
- We will be conducting training for all relevant employees on the subject of GDPR regulations and related privacy procedures (e.g. Data Breach Notification protocol). This will be included in our induction training moving forward for relevant employees.
- We have ensured that our hosting provider, Amazon Web Services (AWS), is fully GDPR compliant, as we rely on AWS for multiple aspects of GDPR compliance, such as physical data centre security, secure infrastructure management, and others. (For full details regarding AWS and GDPR, please refer to the AWS GDPR Center.)
Further to the above, we will also be continuing to develop and implement additional enhancements to our processes, infrastructure and product over the long term as part of our commitment to data security and privacy.
If you require any further information, please contact us via: firstname.lastname@example.org