GDPR-Compliance

We are partners in compliance with GDPR


Thinking Cap is committed to protecting your business and your data. As your data processor, we ensure that your information is safeguarded responsibly against inappropriate disclosure in an accurate, timely and attributable manner, and made available to those who should be able to access it.

We are continuing to build on our existing, robust data privacy practices in order to continue catering to our clients and providing them with effective solutions, whilst supporting data privacy practices. We also provide our clients with the tools and knowledge to be GDPR compliant with their customers.


What is GDPR Compliance?

GDPR stands for the General Data Protection Regulation. The GDPR is the new European Union (“EU”) law that regulates the personal data of individuals in the EU. It replaces the EU Data Protection Directive, the EU’s current privacy law, which has been in place since 1995. The GDPR harmonises data protection law across Europe and introduces sweeping changes that require companies to make significant updates to their privacy and security policies and practices. It was enforced on May 25, 2018.


The very definition of personal data has changed in the EU. Personal data is defined as any type of information that identifies or can be linked to an individual. Below are six categories to be aware of:

  • Historical: An individual’s history.
  • Financial: Financial accounts, ownership, transactions or credit information.
  • Social: Personal or professional networks, family members, public life and communication.
  • Tracking: Computer devices, contacts and location.
  • External: Identifying information including ethnicity, sexuality, behavior, medical history, etc.
  • Internal: Knowledge and beliefs, passwords and identifiers and personal preferences.

New Rights customers have under GDPR:

  • Breach Notification: Notified about data breaches in a more timely manner, within 72 hours.
  • Right to Access: Customers have a right to access all data, free of charge.
  • Right to be Forgotten: Ability to request erasure of all collected personal data.
  • Data Portability: Customers can request that data be changed into a usable format to transmit to another provider.
  • Privacy by Design: Expectation that providers will minimize data collection, retaining only what’s essential for task completion.
  • Data Collection Officers: Standardization of record keeping, and the potential appointment of a Data Protection Representative.

New Requirements For Organizations:

  • Increased Geographic Scope: The new rules apply to any entity dealing with customers located in the European Union. It no longer matters where your company is located.
  • Higher Penalties: Non-compliance is expensive, with fines totaling up to 4% of annual global turnover or 20 Million Euros, whichever is greater.
  • Required User Consent: Stronger consent requirements, and greater rights for individuals, mean significant planning for those collecting data.

Reach Out

At Thinking Cap, it is of vital importance to fulfill our privacy and data security commitments. If you have any questions about how Thinking Cap can help you with compliance, or you have any privacy-related concerns, please reach out by contacting us at: doug@thinkingcap.com.


