GDPR - Frequently Asked Questions

On May 25th, 2018 a new privacy law goes into effect across the European Union (EU). It is called GDPR or General Data Protection Regulation. Any organization that does business in the EU is required to adhere to GDPR. As a company that not only does business in the EU, but has a major office in the EU, Base is committed to becoming fully GDPR compliant by the May 2018 deadline.

 

What is the GDPR?

The General Data Protection Regulation (“GDPR”) is a new European privacy regulation that aims to strengthen the security and protection of personal data in the EU and unify EU data protection law.

GDPR improves business practices, ensures that Employees and Customers are informed and given choices about the information collected and kept about them, and makes conforming businesses better businesses.

 

To whom does the GDPR apply?

All organizations operating in the EU that are processing Personal Identifiable Data of EU residents are required to adhere to GDPR.

 

What are Personal Identifiable Data?

Personal Identifiable Data is any information that identifies, describes, or is about an individual.

 

What implications does GDPR have for organizations processing the personal data of EU residents?

GDPR has been designed to create consistency in how personal data can be processed, used or exchanged securely. To comply with GDPR, organizations will need to implement and regularly review policies and procedures, as well as measures that ensure the security of the data being processed.

 

Base as the Data Processor

As a Base Customer, you are utilizing the Base platform to store data about your Customers. Therefore, you are considered a Data Controller of the personal data of your Customers. As the Data Controller, you bear the primary responsibility for ensuring that your processing of personal data is compliant with relevant EU data protection law.

At the same time, Base acts as a Data Processor, as the company is carrying out activities on the customer data on your behalf. The Base Privacy Policy describes in detail our role as a Data Processor and how we protect the rights of Customers of our Customers and care for their information.

We also provide a Data Processing Agreement to our Customers, to reflect the parties’ agreement with regard to the Processing of Personal Data of Customer, in accordance with the requirements of Data Protection Laws.

 

Base as the Data Controller

Base acts as the Data Controller for the personal data we collect about our Customers.
As the Controller for your personal data, Base is committed to respecting all your rights under the GDPR. The Base Privacy Policy describes in detail our role as a Data Controller and how we protect the rights of our Customers.

 

How has Base been preparing for the GDPR?

As a company that not only does business in the EU, but has a major office in the EU, Base is fully committed to GDPR. Over the course of the past months, we’ve taken many steps to ensure our readiness to comply with GDPR:


Cooperation with TrustArc

To ensure we’re GDPR-ready by May 25th, we engaged TrustArc, a technology compliance and security company, for consultancy and expertise in all GDPR areas.

Over the course of our cooperation, we have gathered information, analyzed it in the light of GDPR, and introduced the changes and processes that TrustArc recommended.


Internal processes and data security

We worked with all departments to inventory the personal data we collect and ensure it is handled properly, and that we meet our obligations as a company. This resulted in introducing several internal processes ensuring full security of our customers’ data.


Readiness for GDPR-related requests from our Customers

Within our role as a Data Processor, we’ve prepared our systems to support our customers in their efforts to comply with GDPR as a Controller. Additionally, this FAQ will be routinely updated with frequently asked questions.

If you have any questions in regard to our support in handling those requests, please reach out to [email protected] 


Have you updated your Privacy Policy?

We’ve revised and updated the Base Privacy Policy, to ensure it meets GDPR requirements. The updated Privacy Policy increases transparency on the procedures Base has in place to ensure security and privacy of Customer data and data of Clients of our Clients.

 

Can you sign a Data Processing Agreement (DPA)?

Yes, we have updated the Base Data Processing Agreement, an amendment to the Contract with our Customers, that reflects the parties’ agreement with regard to the Processing of Personal Data of Customer, in accordance with the requirements of Data Protection Laws.
To request a signed DPA please download the agreement here and send the completed document to [email protected] to be countersigned.

 

Training

We’ve conducted several trainings for the Base team to prepare our staff and ensure adoption of processes focused on the security of data. Apart from global team trainings and resources available to everyone in the team, each department receives custom training on processes that involve handling of personal data.

 

How can I file a request about DPA?

To request a signed DPA please download the agreement here and send the completed document to [email protected]

 

How can I file a request about GDPR?

If you have any questions or requests regarding GDPR, please send them to the Base data compliance team at [email protected] or submit a ticket here, choosing the topic as 'GDPR'.