The European Union General Data Protection Regulation (GDPR) is a regulation that took effect on May 25th, 2018. GDPR governs how you use and store personal data (including names and email addresses) if:
Your organization has a physical presence within the EU.
You offer courses via Pathwright to people who are citizens of the EU.
📃 This article provides a concise overview of the GDPR law in case you’d like to learn more about GDPR compliance.
We certainly aren't the right people to offer legal advice for your specific situation, and we recommend you consult a lawyer or expert to review your own compliance with regard to how you store and use personal data for your EU customers. With that understanding, the following suggestions should not be considered legal advice.
That said, we want to make it as easy as possible for you to verify that Pathwright – and your use of it – is compliant. This article explains how Pathwright complies with GDPR regulations and includes an overview of features within Pathwright that will help you stay compliant based on your own usage of personal data obtained through Pathwright.
Pathwright maintains GDPR Compliance
We've never been in the business of selling data or collecting any more personal data on you or your learners than absolutely necessary. Additionally, security and privacy have always been essential to us, so compliance with GDPR didn't require us to change much about how we use and secure data.
To maintain Pathwright's GDPR compliance we:
Updated Pathwright's Privacy Policy and Terms of Use (effective May 25th).
Appointed a “Data Protection Officer” who is responsible for monitoring all of our data use and security for ongoing compliance. Our Data Protection Officer is Mark Johnson, the CTO of Pathwright.
Verify all our third-party data processors for GDPR compliance.
Provide DPA agreements on request (contact us at secure@pathwright.com or using the messenger below to request a DPA agreement).
Tips for keeping your use of Pathwright GDPR Compliant
1) Link to or create your own privacy policy
To be compliant, your privacy policy should clearly address the GDPR requirements in simple language. After May 25th, 2018, when a new member signs up for your account, they will be able to agree to your own custom privacy policy (if provided) in addition to the Pathwright Terms of Use and Privacy Policy.
Find detailed instructions for adding your own custom privacy policy here.
2) Enable an opt-in consent checkbox
In addition to sharing how you collect and use data in your privacy policy, GDPR requires you to receive unambiguous, opt-in consent from your members in order to do things like send promotional emails to them or share their data. Again, we recommend consulting a legal professional if you're wondering if you're required to use this option based on how you use your member data, but here's an article others have found helpful: read the article here.
Find detailed instructions for adding an opt-in consent checkbox and exporting records here.
3) Manage access, export, and deletion of EU member data
Under GDPR, your EU members have a right to access and export the data you collect from them, update it, and have it permanently deleted within 30 days of their request. We’ve outlined how you can accomplish this in our new Privacy Policy, but here’s the short version:
Your members can view and update the personal data Pathwright stores about them on their profile at any time.
If a member requests that you permanently delete the data Pathwright stores about them, then please notify us at hello@pathwright.com or via the in-app messenger, and we’ll ensure that the data is removed from our systems permanently within 30 days.
If one of your members requests an export of data that’s not already exportable from within Pathwright, please let us know through the same channel, and we’ll fulfill the request.
We’ll be posting any other updates to our GDPR compliance in this article, so be sure to check back. If you have any questions regarding GDPR and Pathwright that aren't answered here, just message us.