OSF’s Commitment to the General Data Protection Regulation (GDPR)

Commitment Statement

The GDPR (General Data Protection Regulation) is a piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will become in effect and enforceable on May 25, 2018.

OSF Digital is fully committed to achieving and upholding ongoing compliance with GDPR prior to the date it becomes in effect.

Where Do We Stand?

OSF began preparing and pursuing compliance in 2017. The GDPR is a complex legislation, and we’ve been working extensively to be sure we’re compliant with this new regulation. The privacy and security of our customers (and their customers), partners and candidates are of utmost importance to us.

Here’s a condensed version of our GDPR Roadmap detailing the various elements we’ve been working on in order to comply:

• Appointment of a Data Protection Officer.
• Thorough research into how the products and services we offer may be impacted by GDPR.
• Development of a strategy addressing the areas in our company impacted by GDPR.
• Creation of a precise inventory of all personal information that we control.
• Rewriting and updating our Privacy Policy.
• Implementation of an email Subscription Center.
• Performing all necessary changes to our internal processes and procedures to achieve and maintain compliance with GDPR.
• Updating our websites to be GDPR compliant in terms of the capturing and tracking of personal data.
• Thorough testing all of our changes to verify and validate compliance with GDPR.
• Finalizing and communicating that we are fully compliant.

Where Do You Stand?

As a current or future client or partner of OSF, now is a great time for you to begin preparing for the GDPR with regards to your data. Consider these tips:

Get to know GDPR: Familiarize yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with both your clients and candidates.

Audit your data and processes for data capture: Consider creating an updated and precise inventory of all personal information that you control. Review your current controls and processes to ensure that they're adequate, and build a plan to address any gaps.

Stay informed: Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain assistance that is relative to your unique circumstances.

If you are a company outside of the EU, the regulation still affects you. The provisions of the GDPR apply to any organization that processes the personal data of individuals within the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.

What is the GDPR?

The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in the past 20 years and will replace the 1995 Data Protection Directive.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Most importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.

The GDPR enhances EU individuals’ privacy rights and places a stronger set of obligations on how organizations handle data.

What's Next?

At OSF, we strive to deliver an incredible customer experience and we will continue to make additional operational changes resulting from the new legislation as required. We will keep our clients, partners, candidates and regulatory authorities informed throughout this process. Our company has an internal cross-functional team who continue to monitor and inform our strategy for complying with GDPR.

If you have any questions, please don't hesitate to contact us at contact@osf.digital