General Data Protection Regulation (GDPR) Degreed Update
As many of you know, data handling standards continue to evolve around the world. With that comes big responsibility. Degreed is committed to being worthy of your confidence that your information is safe with us.
In the business of learning, we’d like to shed some light on the state of data protection.
As of May 25th, 2018, all organizations that are a part of or process the personal data of EU citizens are required to comply with the updated General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that is intended to strengthen and unify data protection for all individuals in the EU. This regulation gives more control to EU citizens over their personal data and becomes enforceable on May 25, 2018. The requirements are too lengthy to go into great detail, but in short, it allows users to explicitly opt out of having their information gathered, sets stipulations regarding timely notification of data breaches, and ensures the right of access and erasure, data portability and a few other items. We are working with our Dutch counsel to understand the GDPR requirements and ensure Degreed remains on target to meet the compliance date.
Degreed will be GDPR compliant by May 25, 2018 and will be working with clients to aid with their own GDPR compliance.
What this means for our clients, prospects and colleagues:
Degreed is committed to supporting the enterprise with GDPR requirements including:
- notification of any security incident/data breach involving their users’ data,
- ensuring safe transfer of data,
- supporting enterprise with user requests to remove data, and
- supporting enterprise user requests for portability/export data in cases
Degreed’s responsibility is to support the enterprise’s need to meet the requests of their users. Additionally, Degreed has entered into Data Processing Agreements which outline roles and responsibilities as well as shared obligations between Degreed and the Enterprise. It’s important to note that client organizations are still obligated to adhere to GDPR guidelines as the Data Controller, and Degreed has fewer direct obligations as the Data Processor.
Please reach out to your organization's Information Security team for details specific to your organization. You can find additional information here: https://gdpr-info.eu/.
What is Privacy Shield Certification?
The Privacy Shield framework was built by the US Dept. of Commerce, the European Commission and Swiss Administration. Certification indicates that a company has taken the necessary measures to protect customer data as it is transferred between the European Union (EU) and US. In order to be certified, companies must ensure their Privacy Policies meet certain requirements and provide an independent recourse mechanism for users to file complaints if they feel the company is not adequately protecting their data. Additionally, there are fees associated with achieving certification.
Degreed has met all of the requirements and received approval for Privacy Shield certifications for both the EU and Swiss frameworks effective March 6, 2018.
Notifying the Users in Your Organization
This information has been updated as a part of Degreed's Privacy and Security Statement on our website. If you would like to share this update directly with the Degreed users in your organization, we have prepared an email template to keep that communication simple.