G2 Crowd Current Position and Outlook - GDPR

Last Updated on April 11th, 2018.

About GDPR

The GDPR or General Data Protection Regulation is a pivotal piece of legislation becoming active in May of 2018 that is aimed at providing citizens of the European Union greater control over their personal data protection and privacy.

Significance

With the introduction of GDPR, both customers and businesses will experience a considerable shift in the way personal data is gathered, processed, maintained, and protected. G2 Crowd understands the need for legislation to protect our users’ privacy and takes this privacy very seriously. G2 Crowd is committed to take proactive measures to become GDPR compliant and maintain compliance moving forward.

Readiness Program

In November 2017, G2 Crowd retained Navigant to assist with its GDPR readiness program. The Navigant team consists of privacy consultants who formerly worked for the European Data Protection Supervisor’s office and the Federal Bureau of Investigation. Alongside Navigant, G2 Crowd will utilize a collection of fortified, defendable documentation to ensure compliance with all points of GDPR and support the maintenance of GDPR compliance. Additionally, G2 Crowd will adopt the necessary strategies for providing users’ rights to access in order to modify, transfer, or erase their data.

Framework

G2 Crowd is currently working with Navigant to complete a GDPR readiness program. The readiness program activities map directly to the articles set forth in the GDPR and align with guidance provided by EU data protection authorities. Below are some key initiatives included within the readiness program:

Establishing a Privacy Counsel:

  • Formation of an internal team responsible for managing and maintaining data privacy and information security moving forward
  • Provide extensive data privacy training for all individuals involved in the handling of personal data

Data Inventory:

  • Creation of a registry containing all personal data holdings as required by GDPR as well as records of policies and procedures in place to facilitate the security of those holdings
  • G2 Crowd will be closely monitoring all ways in which users’ data is being collected and stored by actively maintaining and updating this inventory.

Privacy-By-Design:

  • The integration of privacy features into the functionality of all marketing, product, and service systems that retain personal data of people in the EU
  • G2 Crowd will leverage existing technology within our environment and evaluate what enhancements we can make in order to fulfill or assist with GDPR compliance.
  • Additionally, we will assess the risks of introducing supplementary information security tools to further enhance the compliance of our improved framework.

Data Privacy Impact Assessments (DPIAs):

  • Development of screening procedures that allow us to formally evaluate the risks presented to our users through the collection of information
  • As the design of our processes is further improved to comply with GDPR, G2 Crowd will be utilizing DPIAs to inspect all elements and determine the efficacy as well as the safety of each tool we leverage.

Data Privacy Policy and Privacy Notices:

  • Updates to existing Privacy Policy to ensure it meets the GDPR requirements of being concise, transparent, intelligible, and easily accessible

Data Subject Rights:

  • The extension of existing policies and development of new, improved procedures to allow users’ full rights to access, transfer, and erase personal data, as well as exercise their right to be forgotten
  • G2 Crowd will be implementing processes to handle inquiries regarding users’ personal data.
  • G2 Crowd will be integrating tools to quickly and efficiently locate users’ information within our repositories enabling users easy access for transfer, alteration, and erasure.

GDPR Compliance Maintenance:

  • Construction of procedures for the evaluation of vendors as well as future processes and programs for G2 Crowd to remain in compliance with GDPR moving forward.

Who to contact with questions: gdpr@g2crowd.com