We at elmah.io are strong supporters of regulation that protects our customers' private data and makes the web a safer place. We have been actively working in these areas since we launched elmah.io back in 2013, and the introduction of GDPR gave us a chance to revisit and verify many of the decisions we have made over the years. In this document, we go through our commitment to GDPR.
What is the GDPR?
The GDPR (General Data Protection Regulation) is Europe's "new" data privacy and security law, enforced since May 2018. It is often described as the toughest privacy law in the world, and it places privacy and security requirements on any organisation that processes the personal data of people in the EU, regardless of where that organisation is based.
Unlike some comparable regulations, GDPR has no official certification scheme. It is essentially a requirement document of roughly 100 pages, unfortunately rather vague and open to misunderstanding, that any business targeting the EU needs to read, understand, and conform to.
What are we doing?
- Appointed a DPO (Data Protection Officer).
- Created a DPA (Data Processing Agreement) that customers can request. We have obtained DPAs from our sub-processors as well.
- Went through all of our security processes and documented everything on our internal wiki.
- Restricted access to customers' data. Support staff need explicit customer approval before every lookup, granted either per case or globally through the support chat widget.
- Added an accept cookies widget.
- Created a public GDPR wiki where we document our processes and decisions. The pages have all been incorporated into our legal documents but serve as work-in-progress documentation, to be as transparent as possible.
If you have any questions about how we commit to GDPR, please contact us.