Our path to GDPR
SkillsMap was incorporated beginning of 2018 so we knew when we started that the new EU General Data Protection Regulation (GDPR) was about to come to into effect.
From the get go we have been preparing to meet all the applicable requirements of GDPR; from writing and defining our contracts and our policies, to selecting our third party providers and specifying the way we handle data internally and develop new product features.
SkillsMap.io as a Data Processor
GDPR applies to data controllers as well as data processors. When our customers use our product, SkillsMap.io acts as a data processor. We collect, store and process personal data on behalf of our customers who act as data controllers.
When acting as data processors, we will only process personal data according to the terms and conditions of a contract agreed with our customers. We will not process or use personal data for any other purposes.
We regularly review our applications and our Terms and Conditions to ensure that they are GDPR compliant and reflect our responsibilities as data processor.
As data controllers, our customers also have obligations and it is their responsibility to ensure their own GDPR compliance.
How does SkillsMap.io support their customers in their responsibilities as data controllers?
First of all, we are working hard to meet all GDPR requirements ourselves. We understand that our compliance as a data processor is crucial to your compliance as a data controller as it is important for you to choose data processors that comply with the GDPR.
Secondly, under the new GDPR legislation data controllers and data processors need to be able to work hand-in-hand. Here are the other ways we will help ensure our customers are GDPR compliant:
We will help with compliance
Given a reasonable request, we will help you to demonstrate our GDPR compliance and in the case of a reasonable complaint about the data processing we will cooperate with you.
While we put all reasonable measures in place to prevent unauthorised or unlawful data processing, we will notify you straight away after becoming aware of any personal data breach.
We will help with subject data rights
We will support you in addressing the rights of individuals whenever reasonable and possible. The way we have, and continue to build our applications, means that we can easily support data subject rights that are applicable, such as the right of access, the right of rectification, the right of erasure, the right to restrict processing and the right of data portability.
We will help whenever possible and reasonable
If you have any questions about GDPR or any requests with regards to data subject rights, please contact us at firstname.lastname@example.org.