Last revised in April 2020
The General Data Protection Regulation (GDPR) is a European privacy law that was approved by the European Commission in 2016 and has been in effect since May 25th, 2018. The GDPR replaces a previous European Union privacy directive, Directive 95/46/EC, which had been the cornerstone of European data protection law since 1995. The GDPR strengthens and modernizes EU data protection law to intensify individual rights and freedoms, consistent with the European perception of privacy as a fundamental human right. Among other things, the GDPR regulates how people and organizations may collect, use, store, transfer, and discard personal data. In short, it gives individuals and organizations control over their personal data while interpreting the regulatory environment for international business that takes place in the EU.
The Data Protection regulations include terms such as:
The GDPR adds some new specifications regarding how organizations should protect the personal data of customers and users that has been collected and processed as part of the service. It enforces stringent compliance regulations that impose greater penalties for a breach. At Wellness360, we strongly believe that your data privacy and security are very important. Although we already impose reliable security and privacy measures, we still abide by the requirements of this new regulation to ensure there are no loopholes.
To ensure that no terms are imposed on us beyond our DPA and Terms of Service, we do not agree to sign our customers' DPAs. As we are a small team with no full-time legal staff, we do not encourage individual changes to our DPA. Any change to the standard DPA would require legal guidance and counsel, along with a lot of discussion, which could be cost-prohibitive for our company.
If you have any questions or concerns, kindly contact us at firstname.lastname@example.org
Our core group of privacy and project managers ensures that all GDPR requirements, from marketing and implementation to People Ops, are covered. The team communicates regularly to discuss current status, progress, and GDPR validations. This team also ensures that all required associates working at Wellness360 are aware of and trained on the current GDPR.
Wellness360 is in the process of reviewing our third-party vendors and deeply reviewing their GDPR compliance. We already have DPAs in place with most of our vendors who offer a signed version, while others are taking the same approach as us and having the DPA automatically accepted as part of the Terms of Service.
Working with EU customers requires giving them the ability to access, update, recover, transfer, or delete personal data, so Wellness360 provides you access to your data and your customer's data. For any queries about exporting data, access concerns, or any other questions, please contact us at email@example.com.
Having a controlled data protection impact assessment (DPIA) process is a necessity for GDPR. A DPIA process helps in identifying and minimizing the data protection risks of a given project. The Wellness360 team always makes diligent security and privacy checks when making any creation and implementation decisions, so this requirement is an easy one for us. Every time a change is introduced to how personal data is handled, a lot of time is spent discussing its potential impact on Wellness360's customers, along with the possible privacy and security risks to personal data. If a possible risk is identified, our product and operations teams collaborate to find a suitable solution that will alleviate the data privacy and security risk to anyone who interacts with the Wellness360 platform. We will continue to perform this risk assessment process as we expand Wellness360 program offerings.
Wellness360 is prepared with a breach management and communication plan that complies with the GDPR terms and supports the HIPAA requirements that concern the escalation process and provisions for data subject notification.