As many of you know, data handling standards continue to evolve around the world. With that comes big responsibility. Degreed is committed to being worthy of your confidence that your information is safe with us.
In the business of learning, we’d like to shed some light on the state of data protection.
As of May 25th, 2018, all organizations that are a part of the EU, or that process the personal data of EU citizens, are required to comply with the updated General Data Protection Regulation (GDPR).
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that is intended to strengthen and unify data protection for all individuals in the EU. This regulation gives more control to EU citizens over their personal data and becomes enforceable on May 25, 2018. The requirements are too lengthy to cover in great detail here, but in short, the regulation allows users to explicitly opt out of having their information gathered, sets stipulations regarding timely notification of data breaches, and ensures the rights of access, erasure and data portability, along with a few other items. We are working with our Dutch counsel to understand the GDPR requirements and ensure Degreed remains on target to meet the compliance date.
What does this mean for our clients, prospects and colleagues?
Degreed is pleased to announce that it has obtained EU-US and Swiss-US Privacy Shield certifications effective March 6, 2018. This certification shows that Degreed adheres to the principles of both Privacy Shield frameworks and is committed to data protection and privacy for all users. Degreed also remains committed to reaching GDPR compliance in advance of the May 25, 2018 enforcement date.
We are committed to supporting the enterprise with GDPR requirements including:
- notification of any security incident/data breach involving their users’ data,
- ensuring safe transfer of data,
- supporting enterprise with user requests to remove data, and
- supporting enterprise user requests for portability/export data in cases
Degreed’s responsibility is to support the enterprise’s need to meet the requests of their users. Additionally, Degreed has entered into Data Processing Agreements which outline roles and responsibilities as well as shared obligations between Degreed and the enterprise. It’s important to note that client organizations are still obligated to adhere to GDPR guidelines as the Data Controller, and Degreed has fewer direct obligations as the Data Processor.
Please reach out to your organization’s Information Security team for details specific to your organization. You can find more information here: https://gdpr-info.eu.