We get it, the General Data Protection Regulation (GDPR) is confusing. If you’re still a little lost on what it is, in short GDPR is a complete rewrite of European data privacy regulation, designed to modernize and coordinate all data privacy regulations across the European Union. It replaces the privacy shield framework, the data protection directive, and similar.
You’ve been asking, and we hear you: how is ReachForce keeping it legal with GDPR?
We, ReachForce, are not the controller of personal data.
We are the processor of data on behalf of our customers. This means that we validate and enrich our customer’s data through our solutions but do not store the data. As the controller (the person or company that determines the purpose of its data), our customers are responsible for acquiring consent from the individual. ReachForce requires our third-party processors to certify that they are GDPR compliant through a legally binding contract. Any personal data, which is what the GDPR is protecting, is provided to ReachForce by customers to be used in our matching algorithms, and only consists solely of business-related information, such as:
- First name
- Last name
- Company or Account information
- Business role
- Professional title
- Business contact information
- Connection information (IP addresses)
We will continue to collect best-in-class data.
The type of data ReachForce collects and appends has been and will continue to be marketing business card data (see bulleted list above). We do not process any special categories of personal data, which include but are not limited to:
- Financial status
- Political preferences
- Religious and philosophical beliefs
- Trade-union membership
- Sexual orientation
We take data governance seriously.
The ReachForce Security team manages all aspects of data privacy and security, which includes policies, plans, diagrams, attestations, certifications, training material, and more.
Reachforce has always taken data privacy and concerns around Personal Identifiable Information (PII) seriously. We owe it to our customers, and we will continue these efforts.
We have always complied with Privacy by Design.
By default, Privacy by Design and Data Protection is embedded in how we conduct business. This includes our security policies as well as technical and organizational measures.
In short, we comply.
You can trust ReachForce with your data-management needs and trust that we are GDPR compliant. Data is what we do, and we’re good at it.
To ensure you are GDPR compliant, check that you cover all the bases: assess your existing database, create a project plan, implement procedures and controls to ensure double opt-in for those European contacts (or everyone!), and ensure valid documentation. We like this checklist to help get things organized, and referring to this blog for those hard to answer questions.