fbpx

GDPR

Find out how GPDR affects One. and its clients, and what we do to ensure compliance.

What is GDPR?

The European Union (EU) General Data Protection Regulation (GDPR) is a set of regulations coming into effect on May 25, 2018 that enhance the data privacy rights of EU individuals and unify data privacy protections within the EU. The scope of the GDPR covers companies operating in the EU, as well as companies operating outside the EU who offer services to, or monitor the behaviour of, EU residents.

How does GDPR apply to One.?

The GDPR sets out obligations on 1) Data Controllers, or those that determine the purpose and means of the processing of personal data of EU residents, and 2) Data Processors, or those that process personal data of EU residents on behalf of Data Controllers.

One. is a Data Processor with respect to the personal data processed and/or collected in the following products: LinkedIn. One. processes the personal data collected in these products on behalf of its clients, and those clients are either Data Processors as well or the Data Controllers of said data. As a Data Processor, One. processes said data only on the instructions from its clients.

What is One. doing to foster compliance with GDPR?

One. is committed to GDPR compliance across our products to ensure our compliance. We have reviewed our systems, processes, policies and documentation and updated them where necessary.

What should clients of One. do?

When One. acts as a Data Processor on the clients behalf, our clients as Data Controllers are responsible for ensuring that their use of our services is in compliance with the GDPR. Please consider the following:

  • The GDPR requires Data Controllers to have a contract with their Data Processors. The GDPR sets out what needs to be included in the contract (in general called a Data Processing Agreement);

  • The GDPR requires Data Controllers to have a legal basis for processing personal data and requires them to provide information to people about how their personal data is processed;

  • The GDPR requires Data Controllers to retain personal data no longer than necessary for the purpose it was obtained for. Depending on the usage of One. services, clients may need to conduct data maintenance to be compliant with the GDPR.

Can we be of service?

Please don’t hesitate to contact us if you have any questions or comments. Our team is happy to help! legal@oneworks.co