The European Union General Data Protection Regulation (GDPR) is a regulation that took effect on May 25th, 2018. GDPR governs how you use and store personal data (including names and email addresses) if:
Your organization has a physical presence within the EU.
You offer courses via Pathwright to people who are citizens of the EU.
📃 This article provides a concise overview of the GDPR law in case you’d like to learn more about GDPR compliance.
We certainly aren't the right people to offer legal advice for your specific situation and recommend you consult a lawyer or expert to review your own compliance with regards to how you store and use personal data storage for your EU customers. With that understanding, the following suggestions should not be considered legal advice.
That said, we want to make it as easy as possible for you to verify that Pathwright – and your use of it – is compliant. This article explains how Pathwright complies with GDPR regulations and includes an overview of features within Pathwright that will help you stay compliant based on your own usage of personal data obtained through Pathwright.
Pathwright maintains GDPR Compliance
We've never been in the business of selling data or collecting any more personal data on you or your learners than absolutely necessary. Additionally, security and privacy have always been essential to us, so compliance with GDPR didn't required us to change much about how we use and secure data.
To maintain Pathwright's GDPR compliance we:
Appointed a “Data Protection Officer” who is responsible for monitoring all of our data use and security for ongoing compliance. Our Data Protection Officer is Mark Johnson, the CTO of Pathwright.
Verify all our third-party data processors for GDPR compliance.
Provide DPA agreements on request (contact us at firstname.lastname@example.org or using the messenger below to request a DPA agreement).
Tips for keeping your use of Pathwright GDPR Compliant
2) Enable an opt-in consent checkbox
Find detailed instructions for adding an opt-in consent checkbox and exporting records here.
3) Manage access, export, and deletion of EU member data
Your members can view and update the personal data Pathwright stores about them on their profile at anytime.
If a member requests that you permanently delete the data Pathwright stores about them, then please notify us at email@example.com or via the in-app messenger, and we’ll ensure that the data is removed from our systems permanently within 30 days.
If one of your members requests an export of data that’s not already exportable from within Pathwright, please let us know through the same channel, and we’ll fulfill the request.
We’ll be posting any other updates to our GDPR compliance on this article, so be sure to check back. If you have any questions regarding GDPR and Pathwright that aren't answered here, just message us.