GDPR Readiness Statement
DigitalChalk is committed to your privacy, keeping your personal data secure, and compliance with the General Data Protection Regulation (GDPR) which goes into effect on May 25th, 2018.
The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify the personal data protection rights of all individuals residing in the European Union (EU). The GDPR also governs how the personal data of EU residents can be transferred and processed both within and outside the EU. The GDPR gives EU residents specific rights concerning the collection, processing, and storage of their personal data and aims to simplify the regulatory environment which governs how international business is conducted with regard to management of an EU resident’s personal data. Upon implementation, the GDPR will replace Directive 95/46/EC.
DigitalChalk is actively working to ensure our processes and systems meet the rigorous requirements of the GDPR and aims for full compliance on or before the effectual date. We understand that our customers may have questions regarding the terms of the GDPR and as such we have prepared this statement to assist you in your pursuit of understanding. You can access and review the entire legislation at the following link: http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf
GDPR Territorial Scope
The GDPR applies to all Data Controllers and Data Processors who collect, process and/or store personal data of Data Subjects who reside in the EU, regardless of the Data Controller’s or Data Processor’s location.
How does the GDPR define personal data?
Personal data is any information relating to a natural person (a ‘Data Subject’) that can be used to directly or indirectly identify that person.
Who does the GDPR consider a Data Controller?
A Data Controller is an individual or entity that determines the reason, purpose, terms and process by which personal data is captured and processed. If you are an individual or entity who uses DigitalChalk to deliver training to users who are registered for that training in your DigitalChalk organization, you are a Data Controller.
Who does the GDPR consider a Data Processor?
A Data Processor is an individual or entity that processes and stores personal data on behalf of a Data Controller. DigitalChalk is a Data Processor to those individuals and entities who use our services for the process of delivering training to users who are registered for that training in their DigitalChalk organization.
Obtaining Data Subject Consent
A Data Subject must be presented with the option to provide consent for collection, processing and storage of their personal information in an intelligible format in an easily accessible form. Consent must provide clear and distinguishable information, in plain language, that accurately describes the purpose for which consent is being granted. Additionally, consent must be withdrawable in an easily accessible form. DigitalChalk will have appropriate instruments in place to aid in proper navigation of these new GDPR consent requirements.
A Data Subject’s Right to Access, Update, Port and/or Request Deletion of Personal Information
A Data Subject has the right to obtain from the Data Controller confirmation as to whether personal data concerning them is being collected, processed, and/or stored, where these activities are taking place and for what purpose. Further, the controller must provide a copy of the Data Subject’s personal data, free of charge, in a common electronically readable format upon request from the Data Subject. Data Subjects also have the right to request that personal data being collected, processed and/or stored concerning them be updated and/or deleted upon request. DigitalChalk will have appropriate instruments in place to aid in proper navigation of these new GDPR consent requirements.
DigitalChalk is committed to safeguarding personal information as we believe that such is paramount to our mutual success and to maintaining the trust relationship already forged with our customers. As such, we are aggressively preparing to deliver upon our obligations to the GDPR requirements. If you have any additional questions regarding the ways in which we are preparing for GDPR compliance, please contact us by email at: firstname.lastname@example.org.