The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law that comes into effect on May 25, 2018. It will replace existing EU Data Protection law to strengthen the protection of personal data and the rights of the individual. It will be a single set of rules which govern the processing and monitoring of EU data.
At Lyceum, we have been working over the past several months to move towards GDPR compliance and build a strong data protection framework for all our users. This is a massive overhaul of our processes and product features to ensure we're meeting obligations and implementing the right actions for our users.
Here are some of the key steps we have taken to ensure we're setting up ourselves to meet GDPR obligations:
We've improved the navigation and organisation of these policies to make it easier for you to find what you're looking for. We've also explained our practices in more detail, and with clearer language.
Since we use third-party suppliers to make Hippo Video available, we have updated our Data Processing Agreements (DPAs) that commit our vendors to uphold data protection standards defined under GDPR.
We recognise that it's important for you to control your information. Hence, our team has built the necessary features which give greater visibility and control to our users on how their data is used by us.
This includes the option to opt out of marketing analytics & communication, deleting account and all data associated with it, and better access to information on how user data is stored and processed.
We recognise that protection of your data involves us. Thus, we have completed an internal audit of how we handle the personal data of our users.
The audit covered, in detail, what kind of personal data we process, where that data is stored, and what employees have access to it.
We have also reviewed our vendors who process this data and have taken efforts to validate if they are following the GDPR guidelines around data protection. We are also in the process of instituting policies around data storage, data access, and data retention.
We are ensuring that we are GDPR compliant and keep our efforts towards progressing it. If you have any questions regarding this, you can reach out to us at firstname.lastname@example.org