European Union’s General Data Protection Regulation
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. GDPR is a set of new data privacy laws across Europe that are designed to protect EU citizens’ data privacy and reshape the way organizations approach data privacy. As Higher Logic serves hundreds of international and EU-centered companies and organizations, we have already updated our entire product suite in ways that will help our customers manage compliance under GDPR.
The GDPR includes specific rights for all EU individuals:
- The right to be informed about the collection and use of personal data
- The right of access to personal data
- The right to clarification of personal data
- The right to be forgotten by requesting deletion of personal data
- The right to restrict processing of personal data beyond simple storage
- The right to data portability allowing individuals to obtain and reuse their personal data
- The right to object to certain uses of their personal data, including direct marketing and profiling
- The right to object to automated profiling
The GDPR requires organizations to obtain specific consent from individuals whose data they want to use and/or share. Organizations must be able to prove that they are compliant with all the new regulations surrounding the GDPR. Organizations that are found to be non-compliant are subject to significant fines.
How does Higher Logic help your organization?
We have updated our Privacy Policy and contractual agreements so that our EU customers have access to and can use the applicable GDPR rights listed above. Data privacy is a priority for Higher Logic. Higher Logic recently achieved the TrustArc certification that confirms globally recognized privacy requirements, including Fair Information Practice Principles, OECD Privacy Guidelines, APEC Privacy Framework, and the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
We have also made changes to our platforms to enable our customers to meet the GDPR requirements for their users: the members and customers in their communities and the recipients of their email mailings. Higher Logic is considered a Data Processor, meaning we process personal data on behalf of a controller: you, our customer. We have updated the way that we maintain, store, and process our data so that you can maintain user privacy when requested and have permission to continue collecting and analyzing user data when that permission is expressly given.
Higher Logic offers a Data Processing Addendum (DPA) to its master services agreement, further clarifying our respective roles and responsibilities in the handling of EU personal data. Executing this DPA will help your organization continue to transfer EU personal data to Higher Logic in a lawful manner and permit Higher Logic to receive and process that data on your behalf. Higher Logic’s Data Processing Addendum is ready for your review and signature.
To make it easier for your organization to meet the GDPR requirements, we have shared more detailed information in the Higher Logic User Group community (HUG) on the GDPR and on the features in each product in the Higher Logic family that will enable your organization to ensure GDPR compliance.