G2 Crowd Current Position and Outlook - GDPRLast Updated on April 11th, 2018.
The GDPR or General Data Protection Regulation is a pivotal piece of legislation becoming active in May of
2018 that is aimed at providing citizens of the European Union greater control over their personal data
protection and privacy.
With the introduction of GDPR, both customers and businesses will experience a considerable shift in the way
personal data is gathered, processed, maintained, and protected. G2 Crowd understands the need for
legislation to protect our users’ privacy and takes this privacy very seriously. G2 Crowd is committed to
take proactive measures to become GDPR compliant and maintain compliance moving forward.
In November 2017, G2 Crowd retained Navigant to assist with its GDPR readiness program. The Navigant team
consists of privacy consultants who formerly worked for the European Data Protection Supervisor’s office and
the Federal Bureau of Investigation. Alongside Navigant, G2 Crowd will utilize a collection of fortified,
defendable documentation to ensure compliance with all points of GDPR and support the maintenance of GDPR
compliance. Additionally, G2 Crowd will adopt the necessary strategies for providing users’ rights to access
in order to modify, transfer, or erase their data.
G2 Crowd is currently working with Navigant to complete a GDPR readiness program. The readiness program
activities map directly to the articles set forth in the GDPR and align with guidance provided by EU data
protection authorities. Below are some key initiatives included within the readiness program:
Establishing a Privacy Counsel:
- Formation of an internal team responsible for managing and maintaining data privacy and information
security moving forward
- Provide extensive data privacy training for all individuals involved in the handling of personal data
- Creation of a registry containing all personal data holdings as required by GDPR as well as records of
policies and procedures in place to facilitate the security of those holdings
- G2 Crowd will be closely monitoring all ways in which users’ data is being collected and stored by actively
maintaining and updating this inventory.
- The integration of privacy features into the functionality of all marketing, product, and service systems
that retain personal data of people in the EU
- G2 Crowd will leverage existing technology within our environment and evaluate what enhancements we can
make in order to fulfill or assist with GDPR compliance.
- Additionally, we will assess the risks of introducing supplementary information security tools to further
enhance the compliance of our improved framework.
Data Privacy Impact Assessments (DPIAs):
- Development of screening procedures that allow us to formally evaluate the risks presented to our users
through the collection of information
- As the design of our processes is further improved to comply with GDPR, G2 Crowd will be utilizing DPIAs to
inspect all elements and determine the efficacy as well as the safety of each tool we leverage.
intelligible, and easily accessible
Data Subject Rights:
- The extension of existing policies and development of new, improved procedures to allow users’ full rights to
access, transfer, and erase personal data, as well as exercise their right to be forgotten
- G2 Crowd will be implementing processes to handle inquiries regarding users’ personal data.
- G2 Crowd will be integrating tools to quickly and efficiently locate users’ information within our
repositories enabling users easy access for transfer, alteration, and erasure.
GDPR Compliance Maintenance:
- Construction of procedures for the evaluation of vendors as well as future processes and programs for
G2 Crowd to remain in compliance with GDPR moving forward.
Who to contact with questions: firstname.lastname@example.org