Recollective and the GDPR

Complying with an expanding set of global privacy and IT security obligations such as GDPR can be daunting. Learn how Recollective helps researchers.

Contents

Recollective actively supports its customers’ compliance with Canadian and European data protection requirements, including those set out in the General Data Protection Regulation (GDPR), which replaced the EU Data Protection Directive (also known as “Directive 95/46/EC“) and became enforceable on May 25, 2018.

If an organization collects, transmits, hosts or analyzes personal data of EU citizens, GDPR requires the organization (you) to use third-party data processors (Recollective) who guarantee their ability to implement the technical and organizational requirements of the GDPR. That is done using a Data Processing Agreement (“DPA”).

Recollective's DPA governs the relationship between your organization and Recollective (acting as a data processor). The DPA facilitates your compliance with obligations under EU data protection law but it's important to note that you're still responsible for using those tools to ensure your own compliance. That includes:

  • Responding to requests from data subjects to correct, amend or delete personal data
  • Obtaining proper consent and ensuring data is removed once processing is complete
  • Reporting personal data breaches to relevant supervisory authorities and data subjects in accordance with GDPR timeframes
  • Demonstrating compliance with the GDPR as pertaining to Recollective's Services.

Note that the California Consumer Privacy Act (CCPA) which came into effect on January 1, 2020 is very similar to the GDRP but has a few important differences. Learn more about Recollective and the CCPA.

Further information is provided in the webinar recording shared below which outlines Recollective's efforts to help our customers comply to the GDPR (and now also the CCPA).

No items found.

Get started with Recollective