The European Union’s General Data Protection Regulation (GDPR) became enforceable in May 2018.
The core aim of the GDPR is to protect all EU residents from privacy and data breaches, building upon the EU privacy directive of 1995.
The GDPR applies to all companies processing the personal data of people residing in the EU, regardless of the processing company’s location
Whispir worked to ensure GDPR compliance by 25 May 2018.
Whispir has implemented and maintains appropriate technical and organisational measures to meet the requirements of the GDPR and protect the rights of data subjects.
Whispir worked with its partners, customers and suppliers, both within the EU and outside the member states, to confirm all parties implement the changes required by the regulation.
Q: Is Whispir compliant to GDPR?
A: Whispir worked to ensure GDPR compliance by 25 May 2018.
Q: I’m a Whispir customer, how do I work with Whispir to ensure we’re both compliant?
A: If your company works with data belonging to an EU resident, you need to comply with the GDPR. Once you are compliant, Whispir will transfer and handle the data as required by the GDPR, to ensure your company remains compliant while working with Whispir.
Q: I’m a Whispir partner, how do I work with Whispir to ensure we’re both compliant and our meeting the regulation requirements for our customers?
A: If your company works with data belonging to an EU resident, you need to comply with the GDPR. Whispir is working toward ensuring all activities comply with GDPR requirements and will work closely with its partners to safeguard against any breaches of the regulations.
Q: Does Whispir have operations in the EU?
A: Whispir does not have an office in the EU but works with partners and customers who do operate in the EU. Whispir is likely to be processing and transferring data belonging to EU residents, thus requiring Whispir to comply with the terms and conditions of the GDPR, no matter where the data is processed.
Q: Does Whispir have a Data Protection Agreement (DPA)?
A: We have amended our Terms and Conditions to include our Data Protection Agreement. If you company requires GDPR compliance we recommend you contact us via our Contact Us page: whispir.com.au/contact
Q: What happens if my company doesn’t comply?
A: The GDPR will be enforced by a tiered financial penalty scheme. The rules set out by the GDPR are enforceable and punishable. Companies will be found negligible if suppliers, customers and partners fail to meet the requirements set out by the GDPR while handling data originally captured by them. Whispir strongly recommends compliance.
Q: Our company doesn’t have an office in the EU? Does this still apply to us?
A: Yes – if you process personal data of an EU resident then GDPR applies to your organisation. It extends the scope of the EU data protection law to all foreign companies processing data of EU residents. The GDPR is applicable to both data controllers and processors.
Q: Do you move data outside the EU?
A: We don’t move data outside the regions in which they operate. Our disaster recovery operations are also firmly contained within the region, so data from the EU will remain in the EU.
Q: What is Whispir’s data retention policy?
A: Whispir’s data retention policy can be found at whispir.com.au/data-retention-policy.
Q: I have more questions on how we work with Whispir and remain compliant – can you help?
A: You can find more information about our approach to privacy and information security at whispir.com/privacy-policy.
If you have any questions in relation to privacy and security, please use our Contact page.