OSF Digital’s Commitment to the General Data Protection Regulation (GDPR)

Revision Date: February 2024

What is the GDPR?

The General Data Protection Act (GDPR) is a legal framework that establishes guidelines for the collection and processing of personal information of individuals within the European Union (EU) and has been in effect since May 25, 2018.

The GDPR regulates the processing of personal data, including its collection, storage, transfer or use, about individuals in the European Union. Most importantly, under the GDPR, the concept of “personal data” covers any information relating to an identified or identifiable individual (also called a “data subject”).

It gives data subjects rights and comprehensive control over their data by regulating how companies must handle and store the personal data they collect.

The GDPR enhances EU individuals’ privacy rights and places a stronger set of obligations on how organizations handle data.

Commitment Statement

OSF Digital is fully committed to achieving and maintaining ongoing compliance with the GDPR. We have always had a robust data protection program in place that complies with existing laws and adheres to the data protection principles.

Our goal is to safeguard personal information and to develop a data protection regime that is effective, purposeful, and demonstrates an understanding and appreciation for the GDPR.

Our objectives for GDPR compliance have been summarized in this statement and include the development and implementation of data protection roles, policies, procedures, controls and measures to ensure ongoing compliance.

Where Do We Stand?

The GDPR is a complex legislation, and we’ve been working since 2017 to ensure compliance with this regulation. The privacy and security of our customers (and their customers), partners and candidates are of utmost importance to us.

Here’s a condensed version of our GDPR Roadmap detailing the various considered elements:

  • OSF has a designated Data Protection Officer (DPO) and data privacy team focused on complying with the data protection requirements. The team is responsible for promoting awareness of the GDPR across the organization, for assessing our GDPR compliance, and identifying and remedying any gap areas;
  • Research into how the products and services we offer are impacted by GDPR.
  • Ongoing inventory of all personal data that we control.
  • Regular reviews of our Privacy Statement.
  • Maintaining GDPR-compliant services with regards to email and the capturing and tracking of personal data on our website.
  • Regular testing of our processes to verify and validate compliance with GDPR.

What's Next?

At OSF, we are committed to delivering an exceptional customer experience and we will continue to make operational changes as required. We will keep our clients, partners, candidates and regulatory and supervisory authorities informed throughout this process. Our company has an internal cross-functional team dedicated to monitoring and informing stakeholders about necessary measures for GDPR compliance.

If you have any questions, please don't hesitate to contact us at [email protected].