GDPR is a comprehensive data protection law. It replaces the existing EU Data Protection Directive to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules that governs the processing and monitoring of EU personal data.
We engaged a third party to review every touchpoint we have with customers and users. Through this, we then put in place new processes, policies, and features to ensure we meet legal obligations and do what is best for our customers.
We have appointed a data protection officer (DPO) to oversee and advise on our data management.
No. The changes that were put in place cover all customers and users regardless of location. To scale for all customers, we have ensured the higher privacy standards apply to everyone.
The principle of GDPR is data minimization. Therefore, the best course of action is to only keep user data for as long as it is needed. Make sure to review your Widen user accounts on a regular basis and remove accounts that are no longer active or needed. Also, ensure your teams have proper training to not include PII, such as their email address and name, in metadata fields or fields that are not intended to store this data.
Many organizations are putting a Data Processing Addendum (DPA) in place. Widen has its own DPA that your organization can review and sign when it is ready. The extent of the personal data that is processed in our services includes only the information necessary to authenticate the authorized user's credentials — essentially, their email and first and last name. It is important to note that we are a low-risk processor.
Contact firstname.lastname@example.org to obtain Widen’s DPA for signature or with further questions.