e-satisfaction.com encourages customers to begin preparing for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance by May 2018. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
- Geographical Application: The GDPR may apply to organizations that are established in the EU as well as certain organizations established outside the EU but which are processing the personal data of EU citizens, depending on their activities.
- Rights of End-Users: Organizations should be cognizant of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and organizations should be able to accommodate those rights.
- Data Breach Notifications: Organizations that are controllers of personal data should have clear processes in place in order to comply with the GDPR requirement to report data breaches in accordance with the time frames set out within the GDPR. e-satisfaction.com will notify affected customers without undue delay if we become aware of a data breach of our services.
- Appointment of Data Protection Officer (“DPO”): Customers may need to appoint DPOs to manage issues relating to the processing of personal data.
- Data Processing Agreement (“DPA”): Where personal data is transferred outside the EEA, a customer may need DPAs in place with its sub-processors to ensure an adequate level of protection for the transferred data. e-satisfaction's DPA addresses GDPR and can be obtained by submitting a request to firstname.lastname@example.org.
- Data Protection Impact Assessment (“DPIA”): DPIAs usually describe an organization's data processes and protective measures, particularly those that may be risky. For data processing activities, customers need to conduct a DPIA and file it with authorities.