General Data Protection Regulation (GDPR)
On May 25, 2018, the European Union’s new General Data Protection Regulation (GDPR) went into effect, which protects the fundamental right to privacy for every EU resident and greatly impacts how all companies communicate with consumers. This new regulation replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC) and enables private consumers to better control over the use, processing, and application of their personal data. The rule transcends countries, requiring any organization that works with EU residents’ personal data to protect the data, no matter where an EU resident is in the world.
TTI Success Insights’ Commitment
TTI Success Insights welcomes GDPR. We recognize our responsibility to be compliant with the law and respect our users’ right to data privacy and protection. We do not, nor will we ever misuse or resell users’ personal information. TTI Success Insights recognizes the importance of applying the same standards, processes, and procedures to our clients around the globe.
Over the years, we have demonstrated our commitment to data privacy and protection by meeting industry privacy standards. We have multiple technical and organizational measures in place to ensure a high level of security and compliance within our data centers around the world.
We already have a privacy statement and Information Security Policy for the US, Canada, Europe, and Russia. We also have a Foreign Transaction Policy. TTI Success Insights complies with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. We believe that the GDPR and its enforcement will enable the highest standards of operations in protecting customer data. TTI Success Insights will continue to provide the right tools and processes to support its users and customers to meet their GDPR mandates.
How is TTI Success Insights preparing for GDPR?
With over 30 million assessments delivered to users around the world, TTI Success Insights around the globe will be GDPR compliant across all of its platforms on or before May 25, 2018. Recognizing its role as a data processor, TTI Success Insights has thoroughly analyzed GDPR requirements and has appointed a cross-functional execution team and hired qualified legal counsel to assist the preparation process. Some of our ongoing initiatives are:
- Allowing data controllers to set up assessments and links with auto delete capabilities after a specified period of time.
- Conducting data mapping and compliance audit.
- Implementing appropriate technical and organizational measures that ensure and demonstrate that we comply, including internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies.
- Maintaining relevant documentation on processing activities.
- Implementing measures that meet the principles of data protection by design and data protection by default, including data minimization and pseudonymization.
- Creating and improving security features on an ongoing basis.
- Building a website that enables data subjects to request deletion and deny consent via ttisigdpr.com
What This Means for You
Meeting the GDPR requirements takes a lot of time and effort. As your partner, we want to help make the process as easy as possible so you can continue to focus on your business. Some of the product enhancements we are making strive to do the following:
- Enable easy contact with us. We are building a data subject website, where you can easily request changes or deletion of data. All approved requests will be compliant with GDPR and honored within 30 days of the request.
- Increase your confidence in our ability to protect user data. We anonymize or delete user data as appropriate.
- Receive customer communications where we provide updates on the status of requests.
All About GDPR
What is GDPR?
Who does it apply to?
What are the penalties for non-compliance?
What constitutes personal data?
What is the difference between a data processor and a data controller?
Where can I find additional resources on GDPR?
You can visit this EU commissioned resource to learn more.
This content is general information on EU data privacy and the GDPR, and is not an exhaustive or complete summary, nor is it legal advice for your company. We compiled this content to serve as helpful background information on an important topic. Please consult with an attorney if you are looking for legal advice, or if you’d like help applying this information to your company’s specific situation.
Call us 1-800-869-6908 or 480-443-1077 to learn more. Alternatively, you can contact our privacy team at firstname.lastname@example.org.