Complying with GDPR
The General Data Protection Regulation (GDPR) is a European privacy regulation with the goal of strengthening the security and protection of personal data in the European Union (EU). Leading2Lean customers that collect and store the personal information/data of EU citizens are considered data controllers under the GDPR. Data controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with relevant EU data protection law.
This overview describes how certain features and functionality in Leading2Lean services can assist with your obligations as a data controller under the GDPR. Leading2Lean is considered a third-party data processor under the GDPR because it handles the personal data of its customers’ users.
For more information on our Subprocessors click here.
What is personal data?
Personal data is any data that can be used to identify an individual. Obvious examples include an email address or a phone number. Personal data may also include any data that could be used indirectly to identify an individual.
Your organization needs to decide what is personal data. Is it simply an email address or phone number, or do you further disambiguate using a combination of identities or attributes? This decision is up to you.
If you’re not sure whether or not a piece of information is personal data, it’s best to err on the side of caution. Another option is to seek legal advice.
What personal data is collected in Leading2Lean Services?
As a general rule, Leading2Lean’s services collect very little personal information. The users identified within the system are created by our customers and typically represent their own employees. The information we collect is very basic and includes, but is not limited to, the following:
- First Name
- Last Name
- Email Address
- Phone Number
- SMS Email Gateway Address
Leading2Lean products do not collect credit card information, social security numbers, passport information, or health care information. We recommend that customers store privacy-sensitive personal data outside of the Leading2Lean services.
How do I forget a user in Leading2Lean Services?
Customers responding to a request to forget a user’s information may be subject to various regulatory laws and liability constraints governing record retention, which they will need to consider before proceeding. These laws help to protect the integrity of the information regarding the manufacture of goods for liability or other reasons. We recommend developing a company policy to govern this process that considers all applicable laws and industry regulations.
It is possible to edit the user’s personal information in order to anonymize the user record. This is the best practice if the customer is required to comply with the request. This is the responsibility of the customer.