FormAssembly and the GDPR: A Pre-Event Refresher
This information is provided as-is, based on our best understanding of the information publicly available and our consultations with our legal counsel. This is not legal advice, and we cannot answer questions about your particular situation. You should consult with your own legal counsel if you have questions about your obligations under the GDPR.
It’s been over a year since GDPR regulations went into effect. Privacy, security, and best practices are more important than ever before, particularly as more states in the U.S. consider similar legislation. As the FormAssembly team travels to events around the world, we interact with many customers and prospects who want to know to know more about GDPR data collection.
In this blog post, we’ve compiled a list of key GDPR components as they relate to FormAssembly. Refer to this quick guide and get your questions ready for us if you’re attending Salesforce World Tour London on May 23, 2019, or other events throughout the year.
What is the GDPR?
FormAssembly provides a comprehensive overview of GDPR data collection on our GDPR FAQ page. In the European Union, the GDPR (General Data Protection Regulation) is a set of laws that governs data privacy. It standardizes data collection practices throughout Europe, impacts how companies manage data privacy, and includes severe fines for noncompliance.
How does the GDPR relate to FormAssembly customers?
You can read a full explanation of how the GDPR applies to FormAssembly customers on our detailed FAQ page. Essentially, the GDPR is a shared mandate between the Data Controller and Data Processor.
As your Data Processor, we will enter into an additional agreement (the Data Processing Addendum) which contractually binds us to meet our Data Processing obligations to protect the rights of the data subjects.
How does FormAssembly help with compliance?
FormAssembly’s Data Processing Addendum is a signed, contractual obligation between us and our customers. This contract is available for download and is extremely important. As the Data Controller, FormAssembly strives to assist customers in meeting various obligations under the GDPR. These vital actions may include retrieving, editing or deleting personal data, and obtaining and preserving proof of consent when applicable.
FormAssembly also provides a GDPR Request Form template that you can leverage to accept data requests from EU customers and maintain compliance.
Where can I find more information?
As your web platform provider, we understand that there is much to learn when it comes to GDPR data collection. Maintaining a good grasp on definitions and verbiage is extremely important for compliance. Whether you are a customer in the United States, the European Union, or elsewhere, we encourage you to research the GDPR. Pre-enforcement, we created a library of materials on GDPR compliance that are still helpful if you need to read up on the regulation. Here are a few of our favorite guides:
- An interview with FormAssembly founder, Cedric Savarese, and Elements.Cloud founder, Ian Gotts – Understanding Informed Consent and Transparency under GDPR
- A co-hosted webinar with FormAssembly and Cloud for Good – How to Approach the GDPR & Resources to Help You Navigate International Waters
- A whitepaper assembled with the help of 5 FormAssembly partners with data collection expertise – Unpacking GDPR: 5 FormAssembly Partners Weigh in on the Regulation
- A comprehensive eBook specifically for FormAssembly customers – Data Collection and the GDPR: What You Need to Know as a FormAssembly Customer
What’s new in 2019?
Data privacy and best security practices will always be topics of conversation at FormAssembly! Although the regulation has been in place for many months, and the latest GDPR updates are ever-evolving, we’re committed to updating our resources with news and events that apply to your use of web forms. Before you head to Salesforce and other events this year, make sure to check out the latest recommendations and updates on data governance, compliance fines, and the Washington Privacy Act.
