GDPR stands for “General Data Protection Regulation”. It is one of the most important changes made to data privacy regulations in the last two decades. It establishes a new framework for handling and protecting the personal data of EU-based residents and is in effect since May 25, 2018. It provides the citizens of the EU greater control over their personal data and assures them that their information is protected.
Even though GDPR is a data protection framework for the citizens residing in the EU, it also applies to all companies that handle the personal data of individuals from the EU. In this way, almost every corporation falls under the jurisdiction of GDPR. If you are someone who stores or processes personal data while offering your goods or services in the EU, then the laws apply to you as well. Also, in the event of an infringement of GDPR laws, you can face fines and penalties up to 20 million dollars or 2% to 4% of the annual revenue of the organization depending upon whichever is higher.
Xoxoday acts both as a Data Controller and as a Data Processor within the realm of GDPR compliance:
As a Data Processors, we process personal data on behalf of our customers as our product services include that.
As a Data Controller, you're responsible for safeguarding the data of your customers/employees data as they interact directly with products at Xoxoday. Customer Companies determine what data on Employee Users are collected and how it is used. If you wish to exercise your data subject rights to review, rectify, delete or port your Employee User Personal Data, please contact the controller to make such a request. If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.
Xoxoday takes data integrity and security very seriously. Xoxoday is fully committed to upholding the rights data subjects are granted under the applicable data protection laws. Over 2 million customers across the globe trust us with their data security. Due to the nature of the product and service we provide, it is important that we acknowledge that our responsibilities both as data controller as well as a data processor. Customer data security is an essential part of our product, processes, and team culture. Our facilities, processes, and systems are reliable, robust, and tested by reputed quality control and data security organizations. We continuously look for opportunities to make improvements in the dynamic technology landscape and give you a highly secure, scalable system to provide a great experience.
We have also appointed a Data Protection Officer (DPO) who looks after any concerns of data infringement across our three products. For any concerns, you can write to firstname.lastname@example.org
We have amended our Data Processing Addendum to be compliant with the data processing requirements of GDPR. if you are using Xoxoday products and have agreed to our terms of service, you do not need to sign an additional Data Processing Addendum. As of May 25th, 2018, our user terms of service include a provision to ensure compliance with GDPR. If you are the organization administrator and would like to sign a DPA with us, please write to email@example.com
Each of Xoxoday’s vendors and sub-processors has an executed Data Processing Addendum to ensure compliance under the EU GDPR requirements. An audited minimum relevant set of data is shared with each vendor.
Xoxoday regularly evaluates enforcement of - security policies, utilization of dynamic access controls, identity verification of those accessing data, and implementation of protection mechanisms against data breach. Relevant certifications include ISO 27001, SOC II compliant.
Disclaimer -The information presented herein should not be taken as legal advice. We recommend that you seek legal advise on what you need to do to comply with the requirements of GDPR.