General Data Protection Regulation (GDPR) (EU) 2016/679
LightSpeed VT actively takes steps to continually increase our product features and stay in accordance with industry best practices as far as the security of data and our user’s information.
What is GDPR?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Because GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.
How does the GDPR impact LightSpeed VT?
LightSpeed VT actively takes steps to continually increase our product features and stay in accordance with industry best practices as far as security of data and our user’s information. Due to the fact that LightSpeed VT is a data processor versus a data controller, it is the right as a data processor to not document our processing activities. Nonetheless, LightSpeed VT will follow the best practices of the GDPR will continue to keep and even be more transparent throughout our organization so that employees, customers, and partners may fully understand our commitment to security, data protection and the related practices needed to reinforce that commitment at all levels of engagement.
Article 30 of the Regulation states that organizations with fewer than 250 employees are not required to maintain a record of processing activities under its responsibility, unless “the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.”
Since we do not hold any special categories of data such as Race/Ethnic Origin, Religion / Philosophical Beliefs or Sexual Orientation and are not a risk to the freedoms of the data subjects we are exempt. What this means is we do not maintain DPIA (data protection impact assessments) or LIA (legitimate impact assessment) documents that a DPO in a larger company would create. LightSpeed VT may assist in an outside vendor in the creation of such documentation if needed. This does not mean that we do not have protection around our data, LightSpeed VT keeps subject data for only the needed time to complete the project, production or marketing campaign at hand, using organizational measures to protect all data against accidental loss or exposure. LightSpeed VT is always concerned about the privacy of data, as a processor of data that may be from a data subject of the EU, we work with companies to let them know immediately of any requests of data that are received.
The information above is not a comprehensive analysis of the GDPR and should not be considered legal advice. This information is meant to provide guidance and background information to help you better understand LightSpeed VT’s strategy to comply with the applicable requirements within the GDPR and how it may or may not affect you.