What is GDPR?
On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years came into force. The E.U. General Data Protection Regulation (GDPR) replaces the 1995 E.U. Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
As a result of this change, many organizations that have access to and process the personal data of E.U.-based users are subject to the rules and regulations that come into effect along with GDPR. Since many of our clients are based in the E.U., we need to address these rules and regulations accordingly.
What is Phonon doing to comply?
Phonon is a company headquartered in India, but we have Clients located in the E.U. Although we do not have any physical locations in the E.U., we recognize that many of our users are directly affected by the GDPR and will expect us to comply, so that they can continue using our products with confidence that they are doing so in accordance with the new legislation.
Therefore, we’ve addressed the GDPR requirements that would apply to us as processors (and in some cases sub-processors) of personal data by implementing specific legal, technical and organizational measures aimed at addressing data privacy and security concerns:
- We’ve put in place contractual measures in the form of a Data Processing Agreement (DPA) in accordance with the GDPR requirements, and all Clients will be asked to accept the terms accordingly.
- We’ve ensured that we have appropriate contractual measures in place with each of our data sub-processors.
- We’ve implemented and outlined specific technical and organizational measures (Appendix 2 to the DPA) to ensure data privacy and security, and have put in place internal protocols and processes to ensure that we can address the GDPR requirements with regard to storage, processing, and control of personal data.
Under the GDPR, there are a number of approved reasons (or “legal bases”) a company might legitimately process a person’s data. Below, we’ve outlined the most relevant legal bases under the GDPR.
The above information is Phonon’s interpretation of GDPR and its requirements as of the date of publication. Please note that not all interpretations or requirements of the GDPR are well settled, and its application is fact- and context-specific. This information should not be relied upon as legal advice or to determine how GDPR applies to your business or organization. We encourage you to seek the guidance of a qualified professional with regard to how the GDPR applies specifically to your business or organization and how to ensure compliance. This information is provided “as-is” and may be updated or changed without notice.