Skip to Main Content

General Data Protection Regulation (GDRP)

GDPR is an opportunity to build a stronger data protection foundation for the benefit of all. GDPR regulation becomes enforceable on May 25, 2018. GivePulse is committed to maintaining our GDPR-compliancy here on out.

What we are doing to prepare for this

There are a few things we are proactively doing to prepare for this

  • Core Team
    We have a data protection core team comprised of senior members of the Legal, Data, Security, and Architecture teams, dedicated to ensuring that GivePulse is GDPR-compliant.
  • Updated TOS
    As you ready your institution or business for GDPR, we’re updating our terms too. We’ve made a new addendum available for download, which reflects GDPR standards.
  • Data Protection Design
    For every new product and enhancement, we’re proactively applying the Data Protection by Design principles.
  • All Data
    We’re applying GDPR standards to all data not just EU personal data. This will enable our institutions and partners to be well positioned with data protection regulatory frameworks around the world.
  • Transparency
    Our TOS and Data Policy defines how we process people's personal data. We'll provide education on our Data Policy to people using GivePulse. We'll do this through in-product notifications to ensure people understand how their data is being used and the choices they have.
  • Control
    Users will have control over how their data is used. We'll show users with alert and notifications on how to update their settings. Note: GivePulse does not sell data. Our business is to protect our users and ensure they are able to serve the community and understand their impact.

Our incident/change response and security policies & processes

We are committed to maintaining trust and data protection by improving our current methods. Feel free to reach out if you need further information.

  • Change Management
    Whenever there are changes to the system, we assess, plan and execute the plan which can involve design, testing, implementation and a review process.
  • Incident Response Management
    Similar to our change management proces, when an incident happens, there is a process to notify, remediate, inform and update all clients impacted
  • Employees
    We have an extensive vetting process which also limits access to our employees on our client data
  • Security
    From the system admin to developer level, we adhere to standard security policies and practices and aim to enhance and protect our users

Additional Resources

The following are additional resources that might interest you about our commitment to data protection and for this GDPR work

  • Privacy
    You can review our privacy documented here
  • Terms of Service
    You can review our terms of service documented here
  • Documentation
    For further documentation, diagrams and what we have planned to address data protection, security, incident responses or change maangement, feel free to reach out to us