OSF’s Commitment to the General Data Protection Regulation (GDPR)

Revision Date: January 1, 2023

What is the GDPR?

The General Data Protection Act (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) and is in effect since May 25, 2018.

The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Most importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects more rights and comprehensive control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached.

The GDPR enhances EU individuals’ privacy rights and places a stronger set of obligations on how organizations handle data.

Commitment Statement

OSF Digital is fully committed to achieving and upholding ongoing compliance with GDPR prior to the date it becomes in effect. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.

OSF Digital is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR.

Our objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

Where Do We Stand?

OSF began preparing and pursuing compliance in 2017. The GDPR is a complex legislation, and we’ve been working extensively to be sure we’re compliant with this regulation. The privacy and security of our customers (and their customers), partners and candidates are of utmost importance to us.

Here’s a condensed version of our GDPR Roadmap detailing the various elements we’ve been working on in order to comply:

  • Appointment of a Data Protection Officer →
    OSF has a designated Data Protection Officer (DPO) and has appointed a data privacy team to develop and implement its roadmap for complying with the new data protection requirements. The team is responsible for promoting awareness of the GDPR across the organization, for assessing our GDPR readiness, for identifying any gap areas and for implementing the new policies, procedures and measures;
  • Thorough research into how the products and services we offer are impacted by GDPR.
  • Development of a strategy addressing the areas in our company impacted by GDPR.
  • Creation of a precise inventory of all personal information that we control.
  • Rewriting and constantly updating our Privacy Policy.
  • Implementation of an E-mail Subscription Center.
  • Performing all necessary changes to our internal processes and procedures to achieve and maintain compliance with GDPR.
  • Updating our websites to be GDPR compliant in terms of the capturing and tracking of personal data.
  • Thorough testing all of our changes to verify and validate compliance with GDPR.

What's Next?

At OSF, we strive to deliver an incredible customer experience and we will continue to make additional operational changes resulting from the new legislation as required. We will keep our clients, partners, candidates and regulatory authorities informed throughout this process. Our company has an internal cross-functional team who continue to monitor and inform our stakeholders about necessary measures for complying with the GDPR.

If you have any questions, please don't hesitate to contact us at dataprotection@osf.digital.