Like most software companies, at Balsamiq we have implemented changes to follow guidelines established by the European Union’s data privacy law General Data Processing Regulation or GDPR, which came into effect May 25, 2018.
After reading the legislation, we were pleased to find it is in alignment with our company philosophies related to data, privacy, and transparency with our users. A lot of work was put into this effort, but we know we still have more we can do to protect our community’s privacy.
What Has Balsamiq Done Related to GDPR?
So most of the work we have done was making it very clear that we do not sell or rent your data, ever. And we only keep what is required to provide you with those products and services.
Briefly, here are steps we have taken as of May 2018:
- Completed a company-wide audit of all our systems to identify:
- all data we collect
- where it is stored
- why we store it
- if there is no reason to continue to store it, create a plan for deleting it
- We developed initial drafts of internal policies related to:
- collecting and storing of employee data
- improving company procedures and training tools related to security and privacy concerns
- We updated our legal documents on the website:
- consolidated multiple documents into just three, all in one central location
- added a main Information Security page, which has answers to the most common questions found in security questionnaires
The work we’ve done is just a start. Just as with all the work we do at Balsamiq, we consider GDPR an ongoing project of continual kaizen improvement. We’ll be keeping GDPR in mind when doing internal reviews of our processes, designing new software, and establishing new programs.
Does Balsamiq Have a Data Protection Officer?
Is Balsamiq a Member of the EU-US Privacy Shield?
Do You Have a Data Processing Agreement?
No. In our preparation and research for GDPR, we believe that a DPA is not needed for Balsamiq. The reason is because we are a controller rather than a processor.
We do not sign additional agreements, so we will not be able to sign custom DPAs.
If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org.