Widen complies with GDPR

The European Union General Data Protection Regulation (GDPR), which provides new standards for how companies use and protect EU citizens’ data, is effective on May 25th, 2018. Widen is compliant with these standards.

What’s GDPR?

GDPR is a comprehensive data protection law. It replaces existing EU Data Protection Directive to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules which govern the processing and monitoring of EU personal data.

How we prepared

We engaged with a third party to review every touchpoint we have with customers and users. Through this, we then put in place new processes, policies, and features to ensure we met legal obligations and do what is best for our customers.

Data privacy features in our solutions

There’s new functionality to notify all users of how data is collected and to capture consent with quick accessibility to our Privacy Policy. Along with this, we made updates for data minimization of personally identifiable information (PII), such as a user’s email address and IP address. This information will only be displayed or accessible if necessary when delivering that portion of the service.

A new data protection officer role

We have appointed a data protection officer (DPO) to oversee and advise on our data management.

Updates to Privacy Policy

Our Privacy Policy is updated to ensure compliance with GDPR.

 

FAQs

Does GDPR impact only European customers and users?

No. The changes that were put in place cover all customers and users regardless of location. To scale for all customers, we have ensured the higher privacy standards apply to everyone.

What should I do as a Widen Collective® customer?

The principle of GDPR is data minimization. Therefore, the best course of action is to only keep user data for as long as it is needed. Make sure to review your Widen user accounts on a regular basis and remove accounts that are no longer active or needed. Also, ensure your teams have proper training to not include PII, such as their email address and name, in metadata fields or fields that are not intended to store this data.

How can my organization gain assurance that Widen meets our needs for GDPR?

Many organizations are putting a Data Processing Addendum (DPA) in place. Widen has its own DPA that your organization can review and sign when it is ready. The extent of the personal data that is processed in our services includes only the information necessary to authenticate the authorized user's credentials — essentially, their email and first and last name. It is important to note that we are a low-risk processor.

Contact privacy@widen.com to obtain Widen’s DPA for signature or further questions.