The EU General Data Protection Regulation (GDPR) came into effect May 25th 2018, setting a new standard for how companies use and protect EU citizens’ data.
As an EU company based in Germany, strong privacy standards have applied to us from the start. We’ve always been very aware of the fact that we’re processing highly sensitive employee data and therefore already have extensive measures in place to protect our customers’ privacy and to keep data secure.
You can read more about how exactly we do this in our security guidelines and our internal processes, here.
Questions?
Feel free to reach out to us – we’re happy to help.
How are we GDPR compliant?
We work closely with our Data Protection Officer to do a complete assessment of data protection, privacy, and security at Small Improvements on an ongoing basis and in compliance for GDPR.
We improved our internal documentation & processes:
The audit has shown that our security measures and processes are solid, but we’ve updated them to ensure we are meeting GDPR standards.
You can read more about our internal documentation and processes, here.
We improved our exporting functionality
We already offer an extensive XML export of your company’s data and we’ve made sure you can comply with the GDPR regulations on Data Portability, as well as making deletion of an individual’s data easier.
We updated our Data Processing Agreements (DPAs):
We’ve reviewed the vendors we work with to update our data processing agreements in compliance with GDPR. If you are one of our customers and would like to enter into a Data Processing Agreement with us you can access the DocuSign the agreement below.
You can access and sign this agreement, here.
The right to be forgotten
According to Article 17 of GDPR, European Citizens can request deletion of all their personal data from Small Improvements and our subprocessors. Your HR admin can delete your account in Small Improvements, but to be removed from all related subprocessors please contact us in support, here.