The GDPR goes into effect May 25, 2018, and applies both to organizations within the EU and to organizations elsewhere that handle the data of people in the EU. Learn more about this important EU regulation and how it applies to you as a FormAssembly customer.
- What is the GDPR?
- The EU GDPR (General Data Protection Regulation) is a law that governs data privacy in the European Union. It replaces a 1995 directive and has been updated to reflect changing times. As a regulation rather than a directive, the GDPR is directly enforceable and carries large fines for non-compliance. Overall, the GDPR was created to further safeguard the data privacy of people in the EU, while at the same time standardizing data privacy laws across Europe and changing how organizations manage data privacy.
In addition to affecting organizations within the EU, the GDPR also applies to organizations outside of the EU that deal with and store the data of people in the EU.
- What are the key differences between the GDPR and the previous directive?
- Key changes from the earlier directive to the GDPR include a broader definition of whom the regulation applies to, the addition of penalties for not following the GDPR, and stricter requirements for consent. See more key changes on the EU GDPR website.
- What rights does the GDPR include for individuals?
- The GDPR covers several individual rights regarding the data that organizations collect, including “the right to be informed,” “the right of access,” and “the right to erasure.” View more information about these rights on ico.org.uk.
- When does the GDPR officially go into effect?
- The GDPR goes into effect May 25, 2018.
- What are the fines for not following requirements of the GDPR?
- The maximum fine for GDPR non-compliance is 20 million euros or 4 percent of annual global revenue. Both data controllers and data processors could face these fines.
- What does the GDPR mean for you as a FormAssembly customer?
- The GDPR means that you, as a data controller, must ensure that your respondents based in the EU understand and opt in to any collection and processing of their personal data; that respondents can access, upon request, the personal data you have collected and stored about them; and that respondents can request that their data be deleted. Essentially, GDPR compliance means giving your respondents transparency into your data collection, storage, and processing, and offering them the ability to opt out or to have their personal data deleted.
As the data processor, FormAssembly will give you tools to help achieve GDPR compliance, but it’s your responsibility to ensure that your respondents are informed and can take action on their personal data if they wish.
- What is FormAssembly doing to ensure we are GDPR-compliant by the deadline?
- We’re actively working to make sure that FormAssembly provides you with tools to help you meet GDPR requirements. Upcoming changes to FormAssembly include the ability to search your responses for individual names; to permanently delete records upon request by the respondent; and to track submissions by country of origin; as well as opt-in consent for cookies, form submissions, and E-Signatures for respondents based in the EU.
- Do you offer a Data Processing Agreement that addresses GDPR?
- Yes, please contact our sales team for more information.
- Is FormAssembly compliant with the EU-U.S. Privacy Shield Framework?
- Can data be stored in EU data centers?
- Yes, our Enterprise Cloud and Compliance Cloud customers have the option to have their data stored in EU-based, ISO 27001-certified data centers, to facilitate compliance with data residency requirements.