By now you’ve probably already heard about the GDPR – the General Data Protection Regulation. The GDPR grants people in the EU a specific set of rights when it comes to their personal data — such as the right to access their data, the “right to be forgotten,” or the right to object to having it processed. This ultimately means greater control over how that data is collected, stored, and used.
The GDPR outlines responsibilities for both data controllers (who make the decisions about what data gets processed and how) and data processors (who actually process the data). And many companies are both controllers and processors, so this means greater accountability across the board for the data that we handle.
Cheddar is 100% committed to your data privacy. We see the GDPR as a welcome change in the industry’s approach to data. While the Cheddar team has always worked to provide the highest levels protection for your sensitive data regardless of the current legislation, we still see the new regulations as an opportunity to make sure we’re doing our best to protect your rights and the rights of your customers.
As of right now, we’re completing a comprehensive audit of the GDPR’s requirements and identifying where we need to make modifications.
The good news is that Cheddar already has much of the functionality required by the GDPR, but we will be making some updates to our platform where necessary. This will include a revised Privacy Policy and Terms of Service, as well as a Data Processing Agreement. Rest assured, it’s our goal to be compliant by the May 25th, 2018 deadline.
We’re completing our internal review of our data privacy practices, and we’re finalizing our revisions of our policies. We’ll make sure to let you know when we’ve released the new Terms of Service, Privacy Policy, and Data Processing Agreement.
And what’s next for you, our customers? We know many of you are already well aware of how the GDPR is going to affect your business. When it comes to your relationship with Cheddar specifically, it’s important to know that you’re in the position of data controller for your customers’ data, and we’re acting as processors on your behalf. This means you have particular responsibilities as data controllers. And as processors, we’ll be doing everything we can to help you meet those responsibilities. Because ultimately, we’re all in this together.
If you’d like some guidance on how the GDPR affects you, we recommend the ICO’s GDPR guide to help you with your preparations:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Here at Cheddar, we see the GDPR as more than just a deadline in May. We’re committed to the ongoing process of protecting data subjects’ rights, and we’ll be doing everything we can to stay on top of the changes in the industry as they unfold. Stay tuned for updates to our policies, and for more news about how Cheddar is responding to the GDPR’s call for greater accountability and responsibility when it comes to personal data.