What is GDPR?
The General Data Protection Regulation (GDPR) is the biggest change to European data protection legislation in over two decades. It governs the European Union’s (EU) protection of personal data, including its processing and transfer, and seeks to unify data protection laws across Europe. It will come into effect on 25 May 2018.
Does it apply to me?
While the GDPR is aimed at protecting the processing of personal data within the EU/EEA, it has a very broad scope and will affect organizations both inside and outside the EU/EEA that process personal data. This can relate to goods offered or services rendered to subjects within the EU/EEA or that monitor their behavior. If you collect, control or process the data of subjects within the EU/EEA, then the GDPR most likely applies to you.
GDPR personal data image
Does the GDPR require the storage of personal data in the EU/EEA?
The GDPR doesn’t require the storage of personal data within EU/EEA boundaries. It does, however, set certain conditions before any personal data can be transferred outside the territory. These conditions are defined in the GDPR and organizations must comply with them before moving data across borders.
Disclaimer: Nothing on this website constitutes legal advice on compliance under the GDPR and the text contained here is not a substitute for legal advice. We strongly recommend seeking legal advice for accurate information about your GDPR compliance.
Our Commitments
The information below refers to our cloud and server versions, as applicable.
Safeguards
Our products are backed by state-of-the-art technology. We protect our data by implementing best industry standard encryption on our data both in transit and in rest. We are committed to treating all personal data received from EU member countries in accordance with the relevant legislation.
Incident response
We will inform our customers of incidents involving your data in line with our current and future agreements. We have 24/7 incident response procedures that will help you identify and respond to any events that may breach personal data without undue delay.
Privacy
Tempo acts as a processor for its customers, who are the controllers of their personal data. This is in accordance with the GDPR and we have built privacy mechanisms into our products in order to support this. We are committed to continuously developing these mechanisms and carry out periodic checks of our processes.
Data Transfers
Tempo ensures all of the appropriate safeguards whenever personal data is transferred from the EU to the US, such as with our Tempo Cloud Solution data stored on Amazon Web Services (AWS). We will continue to monitor any changes in data-transfer mechanisms and are committed to complying with any applicable data protection laws regarding cross-border transfer.
Legal documentation
We will ensure our contracts will be updated to reflect any changes to our products as required by the GDPR. This will enable us to continue to lawfully receive and process data. We will notify our customers about changes to our legal documents through the usual channels.
Product compliance
Our teams have made changes to ease compliance with GDPR, including the areas of data minimisation, purpose limitation and data subject rights. We have analyzed our features and flows to make them better for our users subject to the GDPR. We will notify customers about any new features through our usual channels.
