GDPR, Privacy and Data Protection at Forms On Fire
Information about our privacy and General Data Protection Regulation efforts
The European General Data Protection Regulation (“GDPR”) legislation introduces a new set of rules for the processing of personal data.
GDPR is the most modern and fully integrated legislation on data privacy, and the applicability of the GDPR does not stop at the borders of the European Economic Area (“EEA”). Forms On Fire has embraced the requirements of GDPR, and we consider GDPR to be the benchmark for our privacy and data protection efforts. Below you’ll find information about GDPR, as well as answers about data protection and privacy at Forms On Fire.
Why GDPR should matter to you
GDPR modernizes outdated privacy laws and impacts your organization if you collect or process data in or from Europe. If you’re based in Europe, or you work with persons that are in Europe, then you likely need to comply with GDPR. Fines of up to €20,000,000 or 4% of global annual revenue, whichever is greater, could be levied on you if your organization is impacted and is not compliant with GDPR regulations.
How to prepare for GDPR
If your organization is impacted by GDPR, then you need to make sure you are compliant with the legislation before it commences on May 25, 2018. The good news is that we make it easy to use Forms On Fire in a GDPR-compliant way!
The following steps are recommended as a means of achieving compliance.
NOTE: We’re not lawyers! If you’re unsure about your compliance status, please seek your own legal advice.
Review your vendors/suppliers and data flows
Make a list of your software and other vendors, and document the data flows across your business, what type of personal data you collect and who has access. It’s likely that you will need to design agreements that assure data protection with any vendors who may handle personal data (personally identifiable information or PII).
Review the Forms On Fire DPA if applicable
If you are a Forms On Fire client and are considered to be a data controller under GDPR, then you should review our online Data Processing Addendum (DPA) as it applies to you. The Forms On Fire DPA is incorporated into our Terms of Service, so by having acknowledged our Terms of Service and continuing to use Forms On Fire, you’re already accepting our DPA. If you need to explicitly sign a data processing agreement with Forms On Fire, please email your company’s legal name and address to firstname.lastname@example.org and request a copy of our DPA.
Identify and mitigate your risks
Perform a risk assessment within your business to identify any gaps that need to be addressed for meeting GDPR compliance.
Implement ongoing compliance
Plan and implement your GDPR compliance activities ahead of the May 25, 2018 deadline, and then ensure that compliance continues thereafter as an ongoing discipline for your organization.