Mindtickle and the General Data Protection Regulation (GDPR)

Mindtickle and the General Data Protection Regulation (GDPR)

On May 25 2018, a new data protection framework for the European Union (EU), the General Data Protection Regulation (GDPR), will come into effect. This is the most significant data protection legislation introduced in Europe in the past 20 years. It is intended to harmonize data privacy laws across Europe, protect and empower the data privacy of all EU citizens, and reshape the way organizations across the region approach data privacy.

Any organization that offers goods or services to EU citizens must comply with the GDPR.

At Mindtickle, we take data security seriously. We’ve been working hard to make sure we meet our obligations under the GDPR and are transparent about how we process data.

We are Here to Support our Customers

The GDPR clearly defines the roles that different organizations have when managing or dealing with personal data.

There are two major roles – Controllers and Processors. Controllers are organizations that deal with personal data. Mindtickle customers are Controllers because they collect data, decide what will it be used for, and how will it be used. Mindtickle plays the role of the Processor because Mindtickle processes this personal data, provided by the customers, on their behalf.

As Controllers, our customers own their users’ personal data on Mindtickle. We’re committed to helping our customers meet their obligations under the GDPR.

We are Here to Help our Customers

We have already implemented data security processes and controls to make sure that our customers can meet their GDPR obligations. These include:

Data Processing Addendum (DPA)

As Mindtickle is a Processor, our customers must have a Data Processing Addendum with us. We have a GDPR-compliant DPA that our customers can sign upon request. Amongst other things, our DPA includes a list of sub-processors for personal data, explains our breach notification procedures and our accountability & governance measures. If you are a Mindtickle customer, please contact us at infosec@mindtickle.com or contact your Customer Success Manager for a copy of your DPA.

EU-US Privacy Shield Certification

The EU-US Privacy Shield Framework, agreed upon between the European Commission and US Department of Commerce, is a framework for transferring personal data. We are certified under both, the EU-US Privacy Shield and the Swiss-US Privacy Shield, frameworks. This means we have met our obligations for international data transfer under EU data protection laws.

Best-in-Class Information Security

Information security is our highest priority. That is why we have technical and organizational measures in place which ensure that our customers’ personal data remains secure. We have:

  • Implemented comprehensive security policies, procedures, and controls to meet SOC 2 standards
  • Completed our SOC 2 Type 2 report through independent auditors
  • Implemented the following data security best practices for GDPR compliance:
    • Data minimization
    • Log pseudonymization
    • Data transparency

We also continue to create and invest in our security and compliance measures.

Privacy Policy

We have worked with independent auditors and lawyers to ensure our privacy policy meets the GDPR and the EU-US Privacy Shield Framework. Our policy outlines our commitment to maintaining the privacy of our customers’ personal data. It also explains what we have done to make sure our customers’ personal data is secure and what choices are available to them.

The Rights of Data Subjects

Our customers and their end-users can already access, correct, and modify their personal data stored on the Mindtickle platform. End-users can also contact us at infosec@mindtickle.com if they would like to access, correct, or remove their personal data. As a Processor, we will forward these requests to the relevant customers and help them respond, if needed.

Data Deletion

We have put in place robust mechanisms to delete our customers’ data upon request or at the end of their contract. Customers can also ask us to permanently delete their company data or individual users’ personal data stored on our platform, anytime. If you are a Mindtickle customer and would like to delete specific data, please contact us at infosec@mindtickle.com.

New Product Features

As a leader in Sales Readiness Software Solutions, we are always innovating and adding new product capabilities. Moving forward, our new product capabilities will follow three cornerstone principles

  1. They will be in line with GDPR principles of “privacy by design” and “privacy by default”.
  2. They will give both, EU and non-EU, customers flexibility within the GDPR guidelines.
  3. The changes will be communicated in as simple language as possible.

We are Here to Answer Your Questions

We are always happy to answer any questions about the privacy and security of our customers’ data, GDPR, or Sales Enablement, in general. Feel free to contact us at infosec@mindtickle.com.