How is Rydoo dealing with GDPR?
Since GDPR was adopted back in April 2016, we have not stood still. Only a couple of weeks later, a gap analysis was performed and a roadmap towards full compliance was drafted. This journey has now come to an end.
Here is a brief overview of what we have been occupied with in the past months and years:
- Thoroughly researching the areas of our business impacted by GDPR
- Updating our internal policies and procedures to reflect the GDPR requirements and implementing them step by step
- Reassessing our partnerships with third parties
- Creating awareness among our employees through training sessions
- Drafting and rewriting our Data Processing Agreement
- Appointing a Data Protection Officer
- Thoroughly testing all of our changes to verify and validate compliance with GDPR
Rydoo does not require the end user to fill in or upload any high-security personal data, such as credit card numbers or PIN codes, social security, health insurance or driver's license numbers, on the platform. Even so, we want to do our utmost to make sure your data is safe with us. Therefore, Rydoo is also working closely with different external attorneys and IT security experts on its approach, because we want to make sure every aspect is covered.
What is GDPR actually?
The General Data Protection Regulation, which replaces the 1995 Data Protection Directive, regulates the processing of personal data of individuals within the EU. Under GDPR, “personal data” is interpreted broadly and covers any information relating to an identified or identifiable individual (the so-called “data subject”).
The GDPR gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect from them. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.
To give you an idea of some important changes that will come into effect when GDPR enters into force:
- More rights for individuals: The GDPR extends the rights for individuals in the European Union by granting them, amongst other things, the right to access their personal information and the right to be forgotten.
- Compliance obligations: The GDPR also requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on their processing activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR creates new obligations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.