Have you heard about the new data privacy law affecting European Union (EU) citizens? Are you wondering whether there’s anything you need to do with the student data you collect through AwardSpring to comply? Some of our competitors have released complicated and confusing explanations of GDPR. At AwardSpring, we think it’s important to explain the new law in an easy-to-understand way. Read on for a plain-English primer of the new regulation and an explanation of how AwardSpring can help you comply with the new law.
About General Data Protection Regulation (GDPR)
On May 25, 2018, the EU implemented GDPR, a law that regulates how companies store, use, and explain how they use personally identifiable user data. All organizations that handle the data of EU citizens must comply with GDPR, no matter where those organizations are based.
Here are the core elements of GDPR, along with details about how AwardSpring facilitates customers’ compliance:
Organizations must collect only necessary data. AwardSpring recommends that customers limit the user data they collect to just the essentials for the scholarship application process..
Organizations must allow users to request the deletion of their data if the personal data is no longer necessary. Any AwardSpring customer or user can request that we delete his or her data at any time. In response, customers can delete users, which removes all associated data - so be sure that you no longer need the data before deleting a user!
Organizations must meet technical requirements for data storage. AwardSpring meets the technical requirements outlined by the law, which includes:
-Having an information security policy and regular reviews
-Maintaining multiple, redundant forms of backup across disparate geographic locations
-Training staff on user privacy
Organizations must disclose any privacy breaches. In the unlikely event of a data breach, we are contractually obligated to notify our customers in writing as soon as possible.
Organizations must test regularly for vulnerabilities. AwardSpring regularly uses automated scans to check for vulnerabilities in our system.