At MonkeyLearn, we have been working hard to research and prepare for GDPR.
Under GDPR, MonkeyLearn qualifies as both a data processor and a data controller. We qualify as a controller with respect to our visitors and customers who interact with any domain on our platform. We are also a processor with respect to the end users whose data MonkeyLearn receives via our customers.
Here are some of the things we’ve been doing to ensure that we are compliant, and that all of our internal processes with regard to user and customer data are legal and transparent.
New Features:
We have made changes to our platform that will allow for users to make changes, delete, and request their personal data. See how to exercise GDPR rights with MonkeyLearn for more information.
New Security Measures:
We have carried out a gap analysis on how all of our data is processed internally, ran an internal audit, and ensuring that only the correct people have access. We are also building out policy, processes and steps to communicate any potential data breaches.
Product with Privacy in Mind:
We have updated our privacy policy to reflect changes under GDPR, and have adopted the policy of “Privacy by Design” as mandated by the regulation. This will ensure that all future product developments in MonkeyLearn will be made with the consideration of privacy issues and data protection measures such as data minimization and pseudonymisation.
Reviewing all Operational Processes:
We have reviewed all of our internal processes for sales, marketing and operations to ensure that all data we work with complies with the lawfulness for data processing established by the GDPR. See the data MonkeyLearn collects, and why.
Compliance with Vendors
We are reviewing all of the vendors we work with and establishing GDPR compliance with each of them. See our list of vendors for more information.
Data Processing Agreement:
We have updated our Data Processing Agreement (DPA) to reflect both regulatory and operational changes related to GDPR. See DPA for more information.
Data Compliance Officer:
GDPR requires that organizations appoint a Data Compliance Office (DPO) if those organizations are a public authority, require regular and systematic monitoring of data subjects on a large scale, or work with special categories of data relating to criminal convictions. MonkeyLearn does not fall into these categories so we are not required to appoint a DPO.