Information for existing and prospective customers
The EU General Data Protection Regulation (GDPR) is a significant piece of European legislation that enters the enforcement phase on May 25, 2018. GDPR builds on existing data protection laws to strengthen the rights of EU individuals over the use of their personal data and creates a single data protection approach across Europe.
TrueMotion, as the data processor working in conjunction with our customers as data controllers, is committed to the delivery of solutions and services that comply with GDPR.
What are we doing?
TrueMotion welcomes GDPR and the data protection and security principles it enforces, many of which TrueMotion put in place long before GDPR was introduced.
Similar to existing legal requirements, compliance with GDPR requires a partnership between TrueMotion and our customers in their use of our solutions and services.
In scenarios where data controllers make use of a third party, such as TrueMotion, to process personal data, fulfilling commitments as a data processor is an obligation of GDPR compliance. Because of this requirement, TrueMotion works extensively to ensure that our Terms and Conditions of use and related agreements, along with relevant policies, contain appropriate provisions for personal data that we process and/or store.
Does GDPR impact TrueMotion customers?
TrueMotion systems and software may process personal data, which is subject to data protection laws, including GDPR. TrueMotion supports GDPR requirements in a range of ways, including:
- Deletion. TrueMotion systems support permanent deletion of personal data. A request may be submitted by contacting TrueMotion support at email@example.com.
- Disclosure of personal data. Data privacy regulations may require the release of personal data upon request of the data subject. TrueMotion customers or the customers of TrueMotion’s customers and partners may obtain a report containing this information by contacting firstname.lastname@example.org.
- Sensitive personal data. Sensitive personal data is a category that requires special handling under GDPR. The definition of what qualifies as sensitive personal data may differ by legal area or industry. For example, sensitive personal data may pertain to information on racial or ethnic origin, political opinions, or bank and credit accounts. TrueMotion solutions do not typically collect sensitive personal data, and as a result, have not been designed to store and process such data.
What do you need to do?
As a current or future customer of TrueMotion, you, as the data controller, are responsible for ensuring that the use of our solutions and services is compliant with both GDPR and the policies relevant to your organization. Consider the following tips:
- Get to know GDPR. Familiarize yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations, and consider the relationships you have with both your customers and staff. Also, note the variance of local provisions which may be superseded by the new regulation when it comes into force.
- Audit your data and processes for data capture. Consider creating an updated and precise inventory of personal data that you control. Review your current controls and processes to ensure that they are adequate and build a plan to address any gaps. The following are steps you can take today:
  - Review your survey program;
  - Review your process documentation;
  - Ensure you have a lawful basis for holding and/or processing the data.
- Stay informed. Keep abreast of updated regulatory guidance as it is issued.
Employee Awareness and Training
All TrueMotion employees must complete security and privacy training, including GDPR-specific content. Additionally, TrueMotion maintains an ongoing security awareness program on a variety of topics including data protection, privacy, and general security best practices.
TrueMotion will monitor the implementation of GDPR legislation by the Information Commissioner’s Office (ICO) and provide pertinent informational updates to our customers throughout the process.
This information is provided for guideline purposes only and is not legal advice. It is subject to change or removal without notice. Consult with your own legal counsel as you prepare for GDPR compliance.