
General Data Protection Regulation (GDPR)

On May 25, 2018, the European Union’s new General Data Protection Regulation (GDPR) went into effect. It protects the fundamental right to privacy for every EU resident and greatly impacts how all companies communicate with consumers. This new regulation replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC) and gives private consumers better control over the use, processing, and application of their personal data. The rule transcends countries, requiring any organization that works with EU residents’ personal data to protect the data, no matter where an EU resident is in the world.

 

TTI Success Insights’ Commitment

TTI Success Insights welcomes GDPR. We recognize our responsibility to be compliant with the law and respect our users’ right to data privacy and protection. We do not, nor will we ever, misuse or resell users’ personal information. TTI Success Insights recognizes the importance of applying the same standards, processes, and procedures to our clients around the globe.

Over the years, we have demonstrated our commitment to data privacy and protection by meeting industry privacy standards. We have multiple technical and organizational measures in place to ensure a high level of security and compliance within our data centers around the world.

We already have a privacy statement and Information Security Policy for the US, Canada, Europe, and Russia. We also have a Foreign Transaction Policy. TTI Success Insights complies with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We believe that the GDPR and its enforcement will enable the highest standards of operations in protecting customer data. TTI Success Insights will continue to provide the right tools and processes to support its users and customers to meet their GDPR mandates.

 

How is TTI Success Insights preparing for GDPR?

With over 30 million assessments delivered to users around the world, TTI Success Insights will be GDPR compliant across all of its platforms around the globe on or before May 25, 2018. Recognizing its role as a data processor, TTI Success Insights has thoroughly analyzed GDPR requirements, appointed a cross-functional execution team, and hired qualified legal counsel to assist the preparation process. Some of our ongoing initiatives are:

  • Allowing data controllers to set up assessments and links with auto-delete capabilities after a specified period of time.
  • Conducting data mapping and a compliance audit.
  • Implementing appropriate technical and organizational measures that ensure and demonstrate that we comply, including internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies.
  • Maintaining relevant documentation on processing activities.
  • Implementing measures that meet the principles of data protection by design and data protection by default, including data minimization and pseudonymization.
  • Creating and improving security features on an ongoing basis.
  • Building a website, ttisigdpr.com, that enables data subjects to request deletion and deny consent.

 

What This Means for You

Meeting the GDPR requirements takes a lot of time and effort. As your partner, we want to help make the process as easy as possible so you can continue to focus on your business. Some of the product enhancements we are making strive to do the following:

  • Enable easy contact with us. We are building a data subject website, where you can easily request changes or deletion of data. All approved requests will be compliant with GDPR and honored within 30 days of the request.
  • Increase your confidence in our ability to protect user data. We anonymize or delete user data as appropriate.
  • Receive customer communications where we provide updates on the status of requests.

 

All About GDPR

What is GDPR?
The European Union’s General Data Protection Regulation (GDPR) updates all data protection and privacy laws. The EU has realized that while technology has evolved drastically in the last few decades, privacy laws have not. In 2016, EU regulatory bodies decided to update the current Data Protection Directive to suit the changing times. This law creates a comprehensive list of regulations that govern the processing of EU residents’ personal data.

Who does it apply to?
GDPR applies to organizations within the EU and to groups and/or organizations that are outside of the EU working with EU citizens, commonly referred to as EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What are the penalties for non-compliance?
A business that is in breach of GDPR may be fined up to 4% of annual global turnover or €20 million (whichever is greater).

What constitutes personal data?
Any information related to a data subject that can be used to directly or indirectly identify the person.

What is the difference between a data processor and a data controller?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

Where can I find additional resources on GDPR?
You can visit this EU-commissioned resource to learn more.

Disclaimer

This content is general information on EU data privacy and the GDPR, and is not an exhaustive or complete summary, nor is it legal advice for your company. We compiled this content to serve as helpful background information on an important topic. Please consult with an attorney if you are looking for legal advice, or if you’d like help applying this information to your company’s specific situation.

 

Have questions?

Call us at 1-800-869-6908 or 480-443-1077 to learn more. Alternatively, you can contact our privacy team at legal@ttiltd.com.