FluidReview and GDPR: What you need to know

The General Data Protection Regulation (GDPR) is fast approaching. We wanted to update you on what we’re doing here at FluidReview to ensure we’re compliant with the upcoming May 25th, 2018 deadline.

Data privacy and security has always been a top priority at FluidReview by SurveyMonkey, and we work ensure that our privacy standards are first class. GDPR is no different, and we’re taking the necessary steps to ensure that all requirements are fully met.

What is GDPR?

Set to take effect in May 2018, the General Data Protection Regulation (GDPR) addresses the vast changes that have taken place in the technological arena over the past two decades. GDPR seeks to harmonise the approach to data protection matters across Europe by establishing a single set of rules. It replaces the Data Protection Directive which has been law across the European Union for the past 20 years.

Why is GDPR important?

The impact of GDPR will be significant as it affects any business that collects data in or from Europe, whether they’re based in Europe or not. GDPR requires all types of businesses to give individuals greater visibility and control of the data they provide to those businesses.

What are we doing about it?

You can find a comprehensive overview of what SurveyMonkey is doing across all products here. We see GDPR as an opportunity to continue our long tradition of protecting your data and giving you more control.

FluidReview already uses SOC II certified data servers in Canada and the United States. We are aware of the new and increased security requirements that GDPR introduces and will continue to evaluate our practices to ensure they align with best-in-class industry standards. We are implementing features to put control of account deletion into the hands of account owners, and ensuring that administrators can quickly respond to data retention, modification, and deletion requests.

We have introduced some changes to our customer-facing legal terms (e.g. terms of use, privacy policy and statements, data processing agreement) to enable FluidReview and its customers to comply with GDPR requirements. In accordance with our Terms of Use, we will notify our customers of any changes in advance of them being implemented.

We will also be making some in-product improvements on how administrators can handle data requests, such as being able to provide all content that an applicant has uploaded to an application, manage accounts (including deleting accounts and/or applications), as well as enabling users to delete their own accounts.

For security, we provide:

• Data protection with encryption in transit
• Access control for both authentication and authorization
• Continuous network & security monitoring
• Vulnerability management
• Incident response and recovery
• Ongoing security awareness training
• Periodic independent 3rd-party security reviews and penetration testing
• EU-US Privacy shield certification
• PCI DSS 3.2

Have questions?

If you have any additional questions about FluidReview and GDPR, please reach out to our support team.