SalesPal has been preparing for the European Union’s (EU) General Data Protection Regulation (GDPR) right from day one. We have implemented processes and procedures to ensure we meet both our Data Controller and Data Processor obligations. We have processes in place to support Data Subject requests, SalesPal has determined that our current security controls, allow us to adhere to the GDPR’s requirements applicable to our business. This assessment includes supporting our customers in meeting their GDPR obligations.
It is important to note that GDPR does not have an accredited certification method. That means, there is no GDPR-approved way to demonstrate compliance. Here is what SalesPal has done to meet our GDPR obligations and help our customers do the same:
Privacy Shield and Data Transfer
Privacy Shield allows SalesPal to meet the current privacy requirements of Europe for onward transfer by doing the following privacy principles:
Accountability for Onward Transfer
Data Integrity and Purpose Limitation
Recourse, Enforcement and Liability
Standard Contractual Clauses (Model contract clauses)
Additionally, SalesPal signs Data Processing Agreements (DPA) with customers who need them. Where necessary, SalesPal includes standard model clauses for transfer to third-party countries (the current bar set by the EU Commission). These clauses ensure our customers can transfer data to countries outside of the EEA for use in our system. Further, SalesPal has DPAs in place with all sub-processors where legally required.
SalesPal has implemented many strong data security requirements and controls to protect our customer’s data - many of which already meet GDPR standards.
© 2018 | SalesPal Corp. All rights reserved