General Data Protection Regulation <> LetX

LetX's GDPR Readiness & Updates

Introduction

The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data.

LetReach Technologies Private Limited (the parent company of “LetReach, Inc.”, “LetX” and all its subsidiary products including but not limited to LetReach, LetSpinio, LetConvert, etc.), hereby referred to as "LetX," is well aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.

 

Understanding GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. GDPR will come into effect on 25th May 2018 and will be applicable to all member states. You can read about the full text of the GDPR here.

Again, GDPR is one of the biggest legislative changes made since 1975. To be effective from May 25, 2018, the primary goal of these changes is protection of personal data and rights of EU residents.

 

GDPR Compliance & Scope?

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in the sense that it will also apply to non-EU businesses who

a) market their products to people in the EU or who,
b) monitor the behavior of people in the EU.

In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.

 

LetX's Committment 

At LetX, we have always thrived to honor our users' right to data privacy and protection.

We are truly & totally committed to uphold the privacy & the rights of our customers, and the users. The essence of the GDPR is in direct alignment with our core values of customer trust and data privacy. With that in mind, we are actively bent to structure and continue to keep in effect - our products, roadmaps, processes and activities - in total accordance with the standards of GDPR compliance.

Over the years of LetX operations, we have always demonstrated our commitment to data privacy and protection. We have a strong Data Processing Agreement, also in accordance to the standards set by GDPR.

We also recognize that the GDPR will help us move towards the highest standards of operations in protecting customer data.

How is LetX gearing up to stay GDPR compliant?

With a number of cloud applications, LetX has geared up to stay compliant to all the standards set across by GDPR and uplift its processes & operations to enhance a better protection of customer data & privacy. 

As a data processor, LetX understands its obligation to be GDPR compliant and help their customers get ready to be compliant as well. We have thoroughly analyzed GDPR requirements and have put in place a dedicated internal team to drive our organization to meet them. A few of our initiatives include:

• Identifying personal data - Each of several applications undertakes a different level of personal data collection, usage, storage and disposal. Defining the purview of personal data for each of these applications and documenting the various sources of data will go a long way in providing a roadmap for compliance in the days leading up to implementation.
• Providing visibility and transparency - The most important aspect of GDPR is how the collected data is used. As a data processor, LetX's key role is to provide our customers (the data controllers) with the access to effectively manage and protect their user data. LetX is exploring ways to make optimal product enhancements without compromising on performance so that we can provide better transparency to our customers.
• Enhancing data integrity and security - Data privacy and data security are integral to each other. As our customers tighten their data security measures, LetX would like to extend a helping hand. We're streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security.
• Portability and transferability of data - GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, LetX is working on further enhancing its data exporting capabilities to enable export even at the individual level.
• Data Requests - LetX Growth Team has been extended to receive any open requests relating to any data points or informations at support@letx.co

Other Steps Towards Being GDPR Compliant

• Privacy Policy - LetX has put up an updated privacy policy available here that  outlines our commitment to maintaining the privacy of our customers’ personal data. It also explains what we have done to make sure our customers’ personal data is secure and what choices are available to them.
• Data Processing Addendum (DPA) - Understanding that LetX acts as a Data Processor, all LetX customers, users or organizations (recipients of LetX services) must have a Data Processing Addendum with us. We have a GDPR-compliant DPA that our customers can sign upon request. Amongst other things, our DPA includes a list of of sub-processors for personal data , detailing our breach notification procedures, SLA’s and our governance measures. If you are a LetX customer, please contact us at support@letx.co / contact your Customer Success Manager or refer to our sample LetX DPA - GDPR here - for a copy of your DPA. 
• Right to Customer / User Data Subjects - LetX allows its users, customers and their end users to contact LetX over a dedicated channel to request access, correct and modify their personal data stored on the LetX platform or on any of its applications. End users can contact LetX at support@letx.co to request access, correction or removal of their personal data. As a processor, we are obliged to forward these requests to the relevant customer and help them respond, should it be required. 
• Best in Class Information Security - 

Information security is our highest priority. That is why we have technical and organizational measures in place which ensure that our customer’s personal data remains secure. We have implemented the following data security best practices for GDPR compliance:

• Data minimization
• Log pseudonymization
• Data transparency

We also continue to create and invest in our security and compliance measures.

• New & Relevant Product Updates - As an emerging brand in serving brands, businesses and marketers online with SaaS applications to market better online - we have geared up to roll out relevant updates within our products to help them stay GDPR compliant while they use our applications. We have designed a roadmap of these features and are rolling them out in the respective applications with many being rolled out already - for example - the ability to let our users add a user consent checkbox before submission of any data point by the end user.
• Other Activities:
  - Set Up a Data Protection Management System - Completed
  - Declaration of Data Protection Goals - Completed
  - Outlining the Data Processing Activities & Related Departments Recording - Completed
  - Appointment of a Data Protection Officer - Completed
  - Collaborating with All Vendors (acting as sub processors) to receive data processing agreements - Awaiting
   

General FAQs

When is the GDPR coming into effect?

The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive, it does not require any enabling legislation to be passed by the government; meaning it will be effective from May 25, 2018.

Whom does the GDPR affect?

The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the location of the companies.

What is the difference between a data processor and a data controller?

A controller is an entity that determines the purposes, conditions, and means of processing of personal data, while a processor is an entity that processes personal data on behalf of the controller.

Where can we know more about the GDPR?

You can refer to the following links for more information on the GDPR and how you can prepare for it.

• https://www.eugdpr.org/gdpr-faqs.html
• https://gdpr-info.eu/

 

LetX thrives to be compliant with any standards across the industry to meet the best possible outlines for its customers' data protection & privacy. On the same grounds, we are always happy to help even our users & customers and are open to any questions about customer data security & privacy at our growth desk - reachable at support@letx.co