Toca Boca is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Our customers can trust that Toca Boca has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR. This post outlines our approach and progress to date.
What are we doing?
Below are a few examples of initiatives Toca Boca has committed to in order to satisfy GDPR requirements that apply to both Toca Boca and our customers:
• Establishing a transparent framework to measure our software development and data management practices.
• Committing to follow any additional security and privacy measures required under GDPR.
• Where we are transferring data outside of the EU, committing to appropriate data transfer mechanisms as required by GDPR.
• Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches and promptly communicating any such breaches to our customers and end-users.
• Ensuring Toca Boca staff that access and process Toca Boca customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
• Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
• Committing to carrying out data impact assessments and consulting with EU regulators where appropriate.