The deadline for GDPR compliance is right around the corner, so what are we doing to prepare and how are we tracking?
The gist is we're now compliant 🎉 — read on for the details!
Our position on your data
As such, we've had processes in place from the start which govern our use of your data, and of your patients' data, in a security and privacy focused manner.
The GDPR requires us to go a few steps further for EU residents — including making these processes official as policies. We view the GDPR as a fantastic step forward in giving control back to the data subject, and will thus be opening up all our data controls and policies to customers both in the EU, and elsewhere.
Our roles under the GDPR
Finger-Ink is both a data controller and data processor as far as the GDPR is concerned:
We're a data controller because we collect and process information about to you, as one of our customers, and we're a data processor because we help you collect and process information about your patients through the Finger-Ink app.
The tasks below outline the work required to meet our responsibilities in each role under the GDPR.
What we're doing & what we've done
- Consult with legal to determine our responsibilities.
- Appoint a Data Protection Officer.
- Appoint a representative in the EU.
- Perform a gap analysis with respects to the requirements of the GDPR as applicable to our business operations.
- Review our data protection processes and create a Data Protection Policy.
- Modify the Finger-Ink app to allow the complete deletion of any filled form (facilitating the right to erasure in our capacity as a data processor).
- Create a secure customer-portal to meet our obligations under the GDPR to facilitate the rights of our customers as data subjects.
If you have any questions about this, or anything related to data security or privacy, please don't hesitate to get in touch.