DecisionWise and the GDPR

At DecisionWise, we are committed to keeping your data safe, and we are on track to comply with the EU’s General Data Privacy Regulation (GDPR) by May 25, 2018. I am the Data Protection Officer for DecisionWise, and I am writing this article to describe our current efforts to comply with the GDPR requirements.

DecisionWise is a tech-enabled service provider to employers and leadership teams around the globe. We provide our clients with surveys, assessments, and advisory services that are designed to help them understand their organizational culture, leadership styles, workforce dynamics, and the employee experiences at the organization, team, and individual levels. We never sell or share a data subject’s personal data with third parties.

In the context of our GDPR roll-out, here is what we have accomplished so far:

  • Our general privacy policy has been revised to comply with the GDPR and is available at decision-wise.com. We commit to following our general privacy policy.
  • We have also certified with the EU – US Privacy Shield Program to cover data transfers to the United States. To obtain more information and to view our certification, please visit privacyshield.gov.
  • All individuals taking a survey that we administer will now be given the opportunity to either consent to the survey and the processing of their data, or they may refuse to take the survey without penalty of any kind. A refusal to participate will not be recorded or provided to their employer.
  • For visitors to our website, we are providing a consent button to make sure they understand that we use cookies for marketing purposes only (none of the marketing data we collect is ever sold or given to any other person).
  • We have been training our employees on how to deal with GDPR issues in order to ensure that all WiseGuys are familiar with the GDPR and its requirements and so that they understand our commitment to data privacy, security, and protection.
  • We are training our Affiliate Partners (our international business partners) in the same way we are training our employees.
  • We will also have a local GDPR representative. Contact information for our GDPR representative will be found in our general privacy policy, as we complete that process.
  • We have upgraded our security infrastructure to be more robust in its abilities to protect and secure our clients’ data, and we continue to train our people on data protection/security best practices.

The following are some key GDPR principles as defined by Data Protection Authorities, such as the UK’s Information Commissioner’s Office, www.ico.org.uk. At DecisionWise, we are committed to complying with these principles, and we promise to do our best to ensure that your personal data is protected and private.

Consent

Consent means offering individuals real choice and control, and it must be freely given; this means giving people genuine, ongoing choice and control over how businesses use individuals’ data. Genuine consent should put individuals in charge and build trust and engagement.

Individual Rights

Individuals are granted the following rights under the GDPR:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

(For more information on these individual rights, please see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).

Personal data
Personal data is any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.

Data Controller
A data controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Data Processor
In relation to personal data, a data processor is any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Sub-processor
A sub-processor can be engaged by the processor. A sub-processor can process personal data on behalf of the data exporter and is often a third party.

While the GDPR has created additional administrative burdens for DecisionWise, we recognize that in our modern digital world there is a strong need to protect individuals’ personal data. Therefore, we are doing our best to faithfully comply with the GDPR. For more information about our efforts to comply with the GDPR, please contact us at privacy@decision-wise.com.