Newscycle is firmly committed to helping our customers in their efforts to comply with the GDPR through our robust privacy and security protections. Read our FAQs to learn more.
Q1. Who must comply with the GDPR?
A. Companies located within the EU and companies located outside of the EU that offer goods or services to (or monitor the behavior of) EU residents and who act as either a controller or processor of private data must comply with the GDPR. All companies that process or hold the personal data of EU residents, regardless of the company’s location, are subject to the GDPR.
Q2. How is personal data defined under the GDPR?
A. Personal data is defined in the GDPR as any information by which a living individual is identified or identifiable (by anyone), whether directly or indirectly (i.e., in combination with other information held by the data controller). This includes, but is not limited to, names, addresses, email addresses, phone numbers and online identifiers, such as IP addresses.
Q3. Is Newscycle a data controller or data processor for its products under GDPR?
A. Newscycle is a data processor. Newscycle is not a data controller for our customers, and as a processor, does not control any of its customers’ data.
Q4. Will Newscycle be able to meet its obligations under GDPR by May 25, 2018?
A. Newscycle began preparing for GDPR in January of 2017 and has an active GDPR project in place involving all business areas of the company to ensure material GDPR readiness by May 25, 2018.
Q5. What steps has Newscycle taken to become GDPR ready?
A. Newscycle has:
* Established a governance structure for oversight of Newscycle’s GDPR efforts
* Created an international project team of Newscycle employees from its Audit and Compliance, Development, Finance, Hosting, Human Resources, Legal, Marketing, Product Management, Sales, and Support departments.
* Engaged with external experts to assist in its GDPR compliance efforts
* Designed and revised internal policies and procedures to ensure that they incorporate GDPR mandates
* Reviewed the readiness of third party systems that may collect or receive EU data from Newscycle systems by sending surveys to vendors, obtaining compliance statements from vendors, and determining whether third party vendors are on https://www.privacyshield.gov/list
* Reviewed its proprietary products to ensure that they can meet the rights of the individual under GDPR
Q6. Will Newscycle be able to demonstrate its efforts to address GDPR to a third-party?
A. Yes. Newscycle has developed a Data Privacy Impact Assessment to record the type and use of private data on EU citizens processed by its products and GDPR documentation logs are maintained. Newscycle will also be initiating a GDPR Audit Program in 2018, including the implementation of GDPR audit controls and the creation GDPR internal audit procedures.
Q7. Will Newscycle be modifying its products to help its customers meet their obligations under GDPR?
A. Newscycle has closely scrutinized all of its products and is creating software solutions and/or procedural solutions for its products to assist its customers with meeting their obligations under GDPR.
Q8. Has the Newscycle staff been provided with training on significance of the GDPR?
A. Yes. Relevant staff members have been provided with GDPR awareness training.
Q9. Does Newscycle notify its customers if there is a data breach?
A. Yes. Newscycle’s breach process has been reviewed to ensure that any notifiable breaches are addressed as soon as possible, and notifications to appropriate parties will be made within 72 hours of the breach.
Q10. Will Newscycle complete the GDPR questionnaires submitted by its customers?
A. No. This FAQ is intended to cover all such questionnaires.
Q11. Can Newscycle provide a certificate of compliance with the GDPR?
A. No. There is not a certificate of compliance or audit program to demonstrate compliance with the law available at this time as many aspects of the law are still open to competing interpretations.
Newscycle will, however, provide information about its policies and be available to answer your questions about how Newscycle is addressing various provisions of the law upon request. If you have specific questions about Newscycle’s GDPR preparations, they may be sent to GDPR.firstname.lastname@example.org.
Q12: Do Newscycle’s efforts guarantee my company’s compliance with the GDPR?
A. No. Newscycle has designed its products to facilitate your compliance with GDPR as a controller, but many aspects of compliance with GDPR and other privacy laws are under the sole control of the company that ultimately benefits from (and makes decisions about) the collection of personal information. You must work with your privacy office or legal counsel to ensure your programs comply.
Note: Though GDPR sets out requirements for a data controller (your organization) and a data processor (Newscycle), it does not lay out specific guidelines regarding the terms of an agreement between a data controller and a data processor. We anticipate additional information intended to provide further guidance and clarity on the law as it relates to customer agreements will be made available in the coming months. Newscycle, therefore, believes amending our agreement with you is premature at this time. If you have specific questions about your agreement with Newscycle as it relates to GDPR, please contact GDPR.email@example.com.