General Data Protection Regulation (GDPR) General Information

    Privacy, security, compliance, transparency, and responsibility characterize the way Foster Digital conducts business. As a processor of large volumes of customers’ personal data, we recognize our responsibility to respect privacy rights and to put in place appropriate standards of data protection.

    What is the GDPR?

    The General Data Protection Regulation (GDPR) is a new European privacy regulation which has replaced the previous EU Data Protection Directive (Directive 95/46/EC). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.

    To whom does the GDPR apply?

    The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.

    What implications does GDPR have for organizations processing the personal data of EU citizens?

    One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.

    How has Foster Digital been preparing for the GDPR?

    Foster Digital is compliant with the GDPR starting from May 25, 2018.

    Who is the Controller and who is the Processor?

    In accordance with the GDPR, if Foster Digital provides a client with outsourcing customer support services and respectively processes personal data on behalf of the client throughout the course of such services, then Foster Digital is recognized as the “Processor” and the client is recognized as the “Controller”.

    How can Foster Digital clients become compliant with GDPR?

    Foster Digital encourages clients to prepare for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance. Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:

    • Geographical Application: The GDPR may apply to organizations that are established in the EU as well as certain organizations established outside the EU that are processing the personal data of EU citizens.
    • Rights of End-Users: Organizations should be cognizant of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and organizations must be able to accommodate those rights.
    • Data Breach Notifications: Organizations that are controllers of personal data should have clear processes in place in order to comply with the GDPR requirement to report data breaches in accordance with the time frames set out within the GDPR.
    • Appointment of a Data Protection Officer (DPO) and Representative within EU (Representative): Organizations may need to appoint DPOs and Representatives to manage issues relating to the processing of personal data.
    • Data Processing Agreement (DPA): If organizations use a third party to process personal data on their behalf, they need to have a DPA in place with the processor to comply with GDPR requirements. Foster Digital’s DPA can be obtained by submitting a request to support@gofosterdigital.com.