Last updated: August 2021
We have been carefully studying the GDPR and understand the impact on you, our customer, and the necessary actions we need to take to satisfy its requirements. Here is a summary of what we’ve learned and the actions that we are taking. Please reach out to us at email@example.com should you have any questions.
The General Data Protection Regulation (GDPR), the EU’s omnibus privacy law that replaces the Data Protection Directive 95/46/EC, aims to bring order to a patchwork of privacy rules across the EU. The GDPR became enforceable as law in all EU member states on May 25, 2018. If you would like to read the full GDPR, please find it here.
The GDPR is European legislation designed to harmonize data security and protection across the EU (European Union). It imposes new regulations for both small businesses and large companies to protect consumers regarding data processing, access, and security, in addition to tougher enforcement for breaches of the rules.
The GDPR was created around six core principles (Article 5) for personal data, which are as follows:
The GDPR contains security, recordkeeping, access rights, and notification procedures that companies must implement to ensure compliance. Issues that are attracting particular attention include increased administrative requirements and the need to provide the tools necessary to meet the numerous obligations on both controllers and processors.
Evisort takes its legal and regulatory obligations seriously. Moreover, we take data privacy and security very seriously. The core of our business involves the collection of contracts on behalf of our customers, which almost always includes personal data. We constantly work to ensure we collect, process, and share the data we deal with in a lawful and transparent manner.
There are two primary roles in the GDPR structure: Controller and Processor. Our customers provide the contracts and have a relationship with the data subjects involved, and as such, our customers are considered the Controller. Evisort, which provides a software application that utilizes artificial intelligence to extract, classify, and track key provisions in such contracts on behalf of customers, is considered the Processor. As Processor, it is our duty to assist our Controller customers so that they may be compliant with the GDPR.
To that end, we wanted to share with the Evisort community some information about Evisort’s practices and procedures related to data collection and GDPR compliance. These are the relevant features of our technology that allow our Controller customers to satisfy key requirements of the GDPR:
Security: The Evisort platform has a large number of enterprise security features that make us the trusted platform for thousands of companies, ranging from small start-ups to the Fortune 500. Evisort has implemented appropriate technical and organizational measures in line with the requirements of the GDPR to ensure that the level of security of personal data is appropriate to the level of risk associated with processing such personal data, and to help ensure the protection of the rights of individuals.
Some of the highlights of the security measures we’ve put in place include:
A full overview of our security architecture can be found at our Product Security webpage.
GDPR contract update: Both Evisort (Processor) and its customers (Controllers) are jointly and separately responsible for certain actions under the GDPR. Therefore, the GDPR requires shared responsibility to protect an individual’s privacy rights. GDPR Article 28 requires that a contract be in place between a Controller and a Processor. Evisort’s Terms and Conditions provide the fundamental legal requirements and obligations regarding data ownership, confidentiality, and processing responsibilities. However, if you would like to execute a separate Data Processing Addendum (DPA) with Evisort with GDPR-specific language, please email us at firstname.lastname@example.org.
GDPR roles and employees: Evisort has designated Jonathan Price as our Security Officer to develop and implement our roadmap for complying with the GDPR. He is responsible for promoting awareness of data privacy and GDPR across the organization, assessing our GDPR readiness, identifying any gap areas, and implementing new policies, procedures, technologies, and measures to address such gaps.
Evisort understands that continuous employee awareness is vital to continued compliance with the GDPR and has involved its employees in its preparation plans. If you have any questions about our preparation for the GDPR, please contact Jonathan Price at email@example.com.