Find out how GPDR affects Textkernel and it’s customers, and what we do to ensure compliance.
What is GDPR?
The European Union (EU) General Data Protection Regulation (GDPR) is a set of regulations coming into effect on May 25, 2018 that enhance the data privacy rights of EU individuals and unify data privacy protections within the EU. The scope of the GDPR covers companies operating in the EU, as well as companies operating outside the EU who offer services to, or monitor the behaviour of, EU residents.
How does GDPR apply to Textkernel?
The GDPR sets out obligations on 1) Data Controllers, or those that determine the purpose and means of the processing of personal data of EU residents, and 2) Data Processors, or those that process personal data of EU residents on behalf of Data Controllers.
Textkernel is a Data Processor with respect to the personal data processed and/or collected in the following products: Extract! CV parser, Search! and Match!. Textkernel processes the personal data collected in these products on behalf of its customers, and those customers are the Data Controllers of said data. As a Data Processor, Textkernel does not process said data except on instructions from the Data Controller.
What is Textkernel doing to foster compliance with GDPR?
Textkernel is committed to GDPR compliance across our products and services and preparations are underway to ensure our compliance by May 25, 2018. We are reviewing our systems, processes, policies and documentation and updating them where necessary.
- Security. Textkernel is undertaking various activities to assess our current practices and policies, and take actions to address areas that may need changes. These actions include data mapping, discovery, readiness analysis, and the implementation of any necessary remediation steps.
- Updated Terms. Where we act as a processor of personal data, we are appending our service agreements with a data processing agreement that covers the relevant areas of the new legislation, including the obligations of controllers and processors. These updates to our service agreements will be in place by the time the legislation comes into effect in May 2018.
What should customers of Textkernel do?
When Textkernel acts as a Data Processor on a customer’s behalf, our customers as Data Controllers are responsible for ensuring that their use of our services is in compliance with the GDPR. Please consider the following:
- The GDPR requires Data Controllers to have a contract with their Data Processors. The GDPR sets out what needs to be included in the contract (in general called a Data Processing Agreement);
- The GDPR requires Data Controllers to have a legal basis for processing personal data and requires them to provide information to people about how their personal data is processed;
- The GDPR requires Data Controllers to retain personal data no longer than necessary for the purpose it was obtained for. Depending on the usage of Textkernel’s services, customers may need to conduct data maintenance to be compliant with the GDPR.
Can we be of service?
Please don’t hesitate to contact us if you have any questions or comments. Our team is happy to help! service@textkernel.nl