General Data Protection Regulation (GDRP)
GDPR is an opportunity to build a stronger data protection foundation for the benefit of all. GDPR regulation becomes enforceable on May 25, 2018. GivePulse is committed to maintaining our GDPR-compliancy here on out.
What we are doing to prepare for this
There are a few things we are proactively doing to prepare for this
We have a data protection core team comprised of senior members of the Legal, Data, Security, and Architecture teams, dedicated to ensuring that GivePulse is GDPR-compliant.
As you ready your institution or business for GDPR, we’re updating our terms too. We’ve made a new addendum available for download, which reflects GDPR standards.
Data Protection Design
For every new product and enhancement, we’re proactively applying the Data Protection by Design principles.
We’re applying GDPR standards to all data not just EU personal data. This will enable our institutions and partners to be well positioned with data protection regulatory frameworks around the world.
Our TOS and Data Policy defines how we process people's personal data. We'll provide education on our Data Policy to people using GivePulse. We'll do this through in-product notifications to ensure people understand how their data is being used and the choices they have.
Users will have control over how their data is used. We'll show users with alert and notifications on how to update their settings. Note: GivePulse does not sell data. Our business is to protect our users and ensure they are able to serve the community and understand their impact.
Our incident/change response and security policies & processes
We are committed to maintaining trust and data protection by improving our current methods. Feel free to reach out if you need further information.
Whenever there are changes to the system, we assess, plan and execute the plan which can involve design, testing, implementation and a review process.
Incident Response Management
Similar to our change management proces, when an incident happens, there is a process to notify, remediate, inform and update all clients impacted
We have an extensive vetting process which also limits access to our employees on our client data
From the system admin to developer level, we adhere to standard security policies and practices and aim to enhance and protect our users
The following are additional resources that might interest you about our commitment to data protection and for this GDPR work