Our Commitment to You and the Protection of Your Data
We are committed to partnering with 5 Dynamics customers and users to help them understand and prepare for the General Data Protection Regulation (GDPR). The GDPR is the most comprehensive EU data privacy law in decades and will go into effect on May 25, 2018.
Besides strengthening and standardizing user data privacy across the EU nations, it will impose new or additional obligations on all organizations that handle EU citizens’ personal data, regardless of where the organizations themselves are located. On this page, we’ll explain our methods and plans to achieve GDPR compliance, both for ourselves and for our customers.
Preparing for the GDPR
The GDPR’s updated requirements are significant and our global team is working diligently to bring 5 Dynamics’ product offerings and contractual commitments in line so customers can prepare themselves before May 25, 2018. Measures to achieve this include:
- Continuing to invest in our security infrastructure
- Making sure we have the appropriate contractual terms in place
- Ensuring we can continue to support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses through our updated Data Processing Addendum
- Providing product offerings that include new tools for data portability and data management
We’ll also continue to monitor the guidance around GDPR compliance from privacy-related regulatory bodies and will adjust our plans accordingly if it changes. We’ll provide you with regular updates along the way so that you’re always current.
Our Security Infrastructure and Certifications
Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company entrusted with some of our customers’ most valuable data, we’ve set high standards for security.
5 Dynamics has invested heavily in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, 5 Dynamics will continue to meet its obligations and offer contractual assurances.
If you’d like to learn more about 5 Dynamics’ security policies and procedures, please see our Security Practices page. It provides detailed information on how we approach security and includes a white paper on how 5 Dynamics ensures user data security in particular.
International Data Transfers: Privacy Shield and Contractual Terms
To comply with E.U. data protection laws around international data transfer mechanisms, we have self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
In addition, we offer European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the E.U.
Data Portability Solutions and Data Management Tools
Customers have requested tools to help them comply with the GDPR. We have either already released these tools or are actively developing them.
Compliance-related tools include the following:
- Import and export tools. Businesses and organizations may access, import, and export some of their Customer Data, including user information, reports, and graphs.
- Profile deletion tool. Helps customers respond to user requests to delete personal information, such as names and email addresses, from a Simpli5 account or disconnect them from an organization.
GDPR Summary Overview
5 Dynamics does not use customer data other than for the purpose of providing our Services.
- Right to data access. EU citizens have the right to request and receive detailed information on what data a company possesses on them and how it’s utilized.
- Data portability. EU citizens have the right to ask that a company transmit their data to another company, making it easier for them to switch to a competing service or product provider.
  - There is no other service provider for this methodology, so this does not apply.
- Right to be forgotten. EU citizens can demand that you delete all information you have on them (called “data erasure”) and can revoke consents they might have given you previously.
  - Users can be deleted from the Simpli5 platform on request. For now, it is a manual process. It can be automated later in the unlikely event that we get lots of requests.
- Breach notification. Applying to both data controllers and processors, this requires that EU citizens be notified within 72 hours of a data breach that might compromise their privacy.
  - Please refer to the Simpli5 Security Practices page for more information.
Fulfilling our privacy and data security commitments is important to us so we are happy to assist you with preparing for all the changes the GDPR brings. This page will be revised to reflect GDPR-related information as it becomes available. If you have any questions about how 5 Dynamics can help you with compliance, we hope you’ll reach out to us.