Perdoo is protecting your data and will be fully GDPR compliant by 25th May 2018.

What is GDPR?

GDPR (General Data Protection Regulation) is an important European Union law that concerns the privacy and protection of personal data within the EU.

GDPR was adopted in April 2016 and will come into effect from the 25th of May 2018. Its mission is to grant control to all EU citizens and residents over their personal data and to simplify the regulatory environment for international businesses by unifying data collection and processing laws.

This means Perdoo will legally bound by the following obligations to you:

  1. We are required to fully inform our users, in simple language, of what personal data we collect. This covers:
    1. Exactly what personal user data is collected and how it will be used
    2. How long personal user data will be stored
    3. Details of any third parties that will handle personal user data
  2. We are required, once any personal user data is collected, to keep it safe and take the necessary precautions to ensure any loss is prevented
  3. We are required to provide all users with data portability so that you may request a copy of all your user data or request it be deleted.

The privacy and security of our users have always been a top priority. We are committed to maintaining extremely high standards in both our product and our business operations.

Below, are the steps we are taking to ensure the continued security of our customers’ personal data and details of how we are achieving GDPR compliance.

General

  • Our Data Protection Agreement has been updated to reflect both regulatory and operational changes related to GDPR.
  • We have implemented the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR
    • Updated product development process to ensure we deliver privacy by design
    • Workflows for handling requests to fulfill our user’s right to be forgotten and portability
    • Reviewed data breach procedures to ensure we can fulfill the requirement to release breach notifications within 72 hours of the incident
    • Updated procurement process for adding new vendors
  • We’ve appointed a Data Protection Officer (DPO), who will your first point of contact for any data-related matters. Should you have any questions, feel free to email dpo@perdoo.com anytime.

Vendor audit

  • Updated list of all sub-processors, including detailed documentation of where we collect data and when it’s passed on to other vendors
  • Reviewed all vendors who act as sub-processors for Perdoo data, auditing their approach to GDPR, and entering into DPAs where necessary

Product

  • We’ve built an internal admin panel that lets us delete data from sub-processors with just one click
  • Updated onboarding flows to explicitly request user’s consent for us to collect necessary data points

Sales & Marketing

  • Ensured all email communication is opt-in only
  • We will launch a brand new homepage and ensure that any data it collects is done in a GDPR compliant fashion

All Perdoo Ambassadors will be pleased to know that we’ve made it super simple for you to request a signed DPA or Data Processing Agreement. This includes all the terms of how we process your company data under the new GDPR regulations.

To request a DPA simply fill in the form here.