Fishbowl takes our compliance obligations and security of customer data seriously. It is our business model and has been since we started in the year 2000. Fishbowl’s dedication to maintaining the security of customer data means we are committed to complying with all applicable privacy laws wherever we do business.
As part of our global compliance efforts, Fishbowl is complying with the General Data Protection Regulation (GDPR) enacted by the European Union on May 25, 2018. The regulation is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
Similar to existing privacy laws, compliance with the GDPR requires a partnership between Fishbowl (the Controller) and our customers (the Processor) in their use of our services. We have implemented those GDPR requirements that are specific to our Controller obligations, with enhancements to our products, contracts, internal processes, and documentation to support compliance.
In the ongoing process of meeting these compliance obligations, Fishbowl is using existing protections as a stable foundation. We will:
- Accept only opt-in permission-based data from our clients
- Provide one-click unsubscribe functionality at the bottom of all customer emails
- Operate within the requirements of the currently applicable data privacy frameworks including those of the UK and US
Fishbowl has also carried out a number of tasks designed to assess our systems and ensure GDPR compliance. Specifically, we have:
- Completed an internal Data Protection Impact Assessment (DPIA) to discover what information we collect and how we use it
- Certified for the Privacy Shield Framework
- Updated our documentation and processes regarding data storage and handling
- Implemented systems to ensure that customers and vendors alike are being held to the same privacy and security standards as are necessary to be GDPR compliant
- Updated our wording on customer-facing products and systems to reflect new privacy requirements regarding rights, consent, and transparency
- Ensured that the proper systems were in place to enable data subjects to request copies of their data, amend it, unsubscribe from any mailings they may receive, or delete their profile entirely, with a focus on transparency and ease of use
- Assigned a Data Protection Officer to oversee all issues related to ongoing GDPR compliance
Online Resources and Documentation
We will continue to communicate any necessary updates to GDPR-compliant wording and processes on customer opt-in channels and in promotional messaging communications.
To learn more about GDPR, you can visit the following GDPR-related sites:
- The Council of the European Union’s Recommendations on European Data Protection Certification
- EU GDPR.ORG
- The DMA UK
- The UK’s Information Commissioner’s Office (ICO)
- GDPR FAQs:
View Fishbowl’s current privacy policies to learn more about Fishbowl’s data protection policies.
Any questions pertaining to GDPR or other compliance obligations can be directed to our Data Protection Officer at firstname.lastname@example.org.