SearchUnify’s primary emphasis is, being in compliance with any existing decrees and regulations pertaining to the collection, distribution and utilization of any data, including personal identifiable information. With the initiation of the General Data Protection Regulation (GDPR) in the European Union, Grazitti Interactive with its product SearchUnify vows to its customers, especially the clients using our business search solution, to be an ally in Compliance and Data Protection not only across Europe/US, but worldwide.
Grazitti Interactive, aspires to work as ‘data processors’ in collaboration with our clients to achieve data privacy and empower our clients to be GDPR compliant as ‘data controllers’ where all data inputs on the SearchUnify platform are done by the clients. This Blog provides the SearchUnify perspective and procedure to be GDPR compliant.
GDPR – SearchUnify & Clients
On May 25, 2018, the GDPR will become enforceable, supplanting the current EU Data Protection Directive. The GDPR deviates from the Data Protection Directive in that it will have direct legislation in all EU member states overriding any country-specific privacy laws that were already in place.
The GDPR is relevant to any organization or corporate entity operating within the European Union, besides those outside the EU that tender products or services to enterprises or customers in the EU. Therefore, every organization, irrespective of locale, that works with the personal data of EU citizens (as defined by the GDPR) will be liable to comply with GDPR requirements.
In context of GDPR, SearchUnify clients are titled as “controllers” of the personal data fenced in within the SearchUnify platform, and Grazitti Interactive is designated as a “processor.” Therefore, SearchUnify and clients both have imperative roles to conform with certain compulsions under this new data protection decree. One set of decrees is specific to the controller-processor relationship; the other set concerns the controller’s commitments for handling personal data — in this instance, primarily from users of SearchUnify, such as workforce and business associates.
SearchUnify, expects that its clients and SearchUnify users will be careful about the legal prerequisites that are going into effect under the GDPR. Primarily, we ask our clients to ensure that they have acquired consents and authorizations from data subjects, that SearchUnify must have so as to operate as a processor of business- specific, acquired, personal data.
As a business affiliate with our clients, Grazitti Interactive has made the commitment to assist them with GDPR compliance. These comprise endeavors related to the GDPR standards in Chapter III (Rights of the Data Subject), especially the rights of access and rectification (Articles 15 & 16), right to erasure or “right to be forgotten” (Article 17), right to data portability (Article 20), and right to not be subject to automated decision-making, including profiling (Article 22).
How prepared is SearchUnify for GDPR?
Data privacy is integral to Searchunify’s operating model. Our existing Grazitti Interactive Privacy program is all-inclusive and in accordance with globally accepted standards, including compliance in accordance with SSAE 18, SOC1- Type 2 and SOC2- Type 2 standards. Mindful of the upcoming GDPR, our Legal, Information Security, Cloud Infrastructure, Product, and Privacy teams have initiated a GDPR preparedness project in which a dedicated group of compliance experts are working indefatigably toward the May 25, 2018 deadline.
SearchUnify – GDPR Readiness
- Ascertain Your Role: As a cloud-based Search Solution, SearchUnify is processing data for its customers, hence, it is named as a ‘data processor’. Keeping in mind the expected compliance with Global Data Protection & Data Security laws, Grazitti Interactive for SearchUnify has enforced an Information Security Program with strategies and procedures that aid to ensure that we conform with already existing and upcoming compliances for the use of our product.
- Data Protection Officer: GDPR mandates Businesses, including public authorities except for judiciary, involved in monitoring data subjects and processing large quantities, special categories of data, to appoint a Data Protection Officer. Grazitti Interactive is appointing a Data Protection Officer to monitor internal compliances with GDPR.
- Accountability in Data Processing: Grazitti Interactive’s compliance program is already defined in detail and based on globally accepted standards. Its efficiency is intermittently affirmed by third parties with diverse compliance certifications including ISO 27001, with SSAE 18 SOC1 Type 2, SOC2 Type 2, ISO27701:2019. Grazitti Interactive has enforced an Information Security Program with strategies and procedures defining how personal data is used, managed and protected. Our existing information security program is further detailed in SearchUnify’s Master Service Agreement (MSA). Grazitti Interactive commits to supervise and respond to Security Incidents in conformity with our standard operating procedures which defines situational responses to Security Breaches. Grazitti Interactive has dedicated a well-trained Information Security team with industrial and technical proficiency, supported by a strong complement of external specialists.
- Rights of Data Subjects: SearchUnify customers gather the personal data of their users. These individual users are the Data Subjects, and our clients, who are assigned the role of data controllers, have to respond to certain requests as permissible under GDPR. Our clients will expect Grazitti Interactive, as a data processor, to provide functionality within SearchUnify that enables them to conform with GDPR. With the advent of the GDPR, Grazitti Interactive has continued regular internal reviews of SearchUnify platform features to reconfirm that the platform provides the needed features to our customers.
GDPR – Going Forward
Grazitti Interactive has committed to a constant, ongoing responsibility to ensure the privacy and security of clients’ data. This Blog will be updated as needed, before and after the GDPR goes into effect, to be completely current with GDPR-related developments. If you have any questions, please contact us at – firstname.lastname@example.org