The General Data Protection Regulation (GDPR) is the biggest change to European data protection legislation in over two decades. It governs the European Union’s (EU) protection of personal data, including its processing and transfer, and seeks to unify data protection laws across Europe. It will come into effect on 25 May 2018.
While the GDPR is aimed at protecting the processing of personal data within the EU/EEA, it has a very broad scope and will affect organizations both inside and outside the EU/EEA that process personal data. This can relate to goods offered or services rendered to subjects within the EU/EEA or that monitor their behavior. If you collect, control or process the data of subjects within the EU/EEA, then the GDPR most likely applies to you.
The GDPR doesn’t require the storage of personal data within EU/EEA boundaries. It does, however, set certain conditions before any personal data can be transferred outside the territory. These conditions are defined in the GDPR and organizations must comply with them before moving data across borders.
Our products are backed by state-of-the-art technology. We protect our data by implementing best industry standard encryption on our data both in transit and in rest. We are committed to treating all personal data received from EU member countries in accordance with the relevant legislation.
We will inform our customers of incidents involving your data in line with our current and future agreements. We have 24/7 incident response procedures that will help you identify and respond to any events that may breach personal data without undue delay.
When the GDPR comes into effect, Tempo will act as a processor for its customers, who are the controllers of their personal data. This is in accordance with the GDPR and we have built privacy mechanisms into our products in order to support this. We are committed to continuously developing these mechanisms and will carry out periodic checks of our processes.
Tempo ensures all of the appropriate safeguards whenever personal data is transferred from the EU to the US, such as with our Tempo Cloud Solution data stored on Amazon Web Services (AWS). AWS has a Privacy Shield certification and this ensures protection under the GDPR. We will continue to monitor any changes in data-transfer mechanisms and are committed to complying with any applicable data protection laws regarding cross-border transfer.
We will ensure our contracts will be updated to reflect any changes to our products as required by the GDPR. This will enable us to continue to lawfully receive and process data. We will notify our customers about changes to our legal documents through the usual channels.
Our teams are making changes to ease compliance with GDPR, including the areas of data minimisation, purpose limitation and data subject rights. We are analyzing our features and flows to make them better for our users subject to the GDPR, as well as evaluating new GDPR-compliant features to add to our systems. We will notify customers about any new features through our usual channels.