Is Malcolm! GDPR compliant?
What is GDPR?
"GDPR" refers to The General Data Protection Regulation 2016/679. This is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
How does it apply to Malcolm?
Malcolm! collects, stores and processes data about our own customers - people signing up to Malcolm! and creating and managing instances. We may also - via Workflows - collect, store, process and transfer data about your customers.
When talking about GDPR it is important to understand the concept of the Data Controller and the Data Processor.
- The Data Controller determines the purposes for which and the means by which personal data is processed
- The Data Processor processes personal data only on behalf of the controller.
Is Malcolm! the Data Controller or the Data Processor?
In the context of information about our own customers, eg people who sign up for Malcolm! accounts and manage Instances we are the Data Controller.
In the context of information about your customers, eg information that is collected on your behalf via Workflows you create in Malcolm! we are the Data Processor only. You - as the Data Controller - have the obligation to ensure you are acting lawfully in accordance with the GDPR legislation.
What does all this mean?
If you have further questions about GDPR or wish to contact our Data Protection Officer you can contact us here.