Visdum GDPR Compliance Statement

Last Modified: 15th October 2024

Visdum’s GDPR Commitment

GDPR is an opportunity to build a stronger data protection foundation for the benefit of all. Visdum is committed to ensuring that our products and services are GDPR compliant.

GDPR Compliance Statement

Visdum has prepared this statement to provide our customers with information regarding the impact of the GDPR, the steps taken by Visdum to ensure our compliance with the GDPR, and the ways in which we can assist and support our accounts and users (as data controllers) with their respective obligations under the GDPR.

Overview of GDPR

The General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that regulates the use of personal data of EU residents and gives individuals rights to exercise control over their data. The GDPR does not apply only to European companies; it extends to any organization worldwide that targets or offers services or products to EU residents.

The GDPR requires companies to be transparent and accountable for their use of personal data, and to be able to demonstrate this to both regulators and the individuals concerned.

There is no requirement for personal data to stay in the EU, but transfers outside of the European Economic Area are restricted, meaning that unless the European Commission has assessed the country’s privacy regime and declared it to be “adequate”, the data must be further protected by contract, or other EU-approved means.

For any transfers to non-adequate countries, Visdum’s Data Processing Addendum incorporates such EU-approved means, namely the European Commission’s standard contractual clauses. Customers can rely on these protections to transfer EU personal data using our services.

Continue reading below to learn more about Visdum’s GDPR compliance.
Lawful Basis and Transparency

Requirement: Conduct an information audit to determine what information we process and who has access to it.
Response: An information audit is conducted quarterly, identifying the types of personal data we process, their purpose, who has access within our organization, third parties involved, and the protective measures that are in place.

Requirement: Establish a lawful basis for our data processing activities.
Response: At Visdum, we have established a lawful basis for all our data processing activities, including but not limited to obtaining explicit consent, fulfilling contractual obligations, and establishing legitimate business needs.

Requirement: Review and update the data privacy policy to ensure it is clear and comprehensive.
Response: At Visdum, our data privacy policy clearly explains what data we collect, why we collect it, how it is used, and the rights of data subjects. It is reviewed and updated regularly by the DPO.

Data Security

Requirement: Implement appropriate technical and organizational measures to ensure data security.
Response: At Visdum, we have implemented measures such as encryption, access controls, regular security assessments, and data anonymization to protect personal data from breaches and unauthorized access.

Requirement: Conduct a Data Protection Impact Assessment (DPIA) where appropriate.
Response: At Visdum, we conduct DPIAs for high-risk processing activities to identify and mitigate potential privacy risks, including assessing data types, processing purposes, and security measures.
Accountability and Governance

Requirement: Appoint a Data Protection Officer (DPO) if required.
Response: At Visdum, we have appointed a Data Protection Officer (DPO) to oversee our data protection strategy, ensure GDPR compliance, and act as a contact point for data subjects and supervisory authorities. The DPO can be reached at dpo@visdum.com.

Requirement: Ensure that the data processors comply with GDPR requirements.
Response: At Visdum, we have signed Data Processing Agreements with all third-party processors, ensuring they comply with GDPR requirements and implement appropriate data protection measures.

Requirement: Implement mechanisms to facilitate data subject rights requests.
Response: At Visdum, we have implemented mechanisms to facilitate data subject rights requests, including procedures for access, rectification, erasure, restriction of processing, data portability, and objection, and we respond to such requests promptly.

Requirement: Establish a process for handling data breaches and notifying the relevant authorities.
Response: At Visdum, we have a comprehensive process for detecting, reporting, and investigating data breaches. We notify the supervisory authority within 72 hours of becoming aware of a breach and inform affected individuals without undue delay.

Privacy Rights

Requirement: Review international data transfers to ensure compliance with GDPR requirements.
Response: At Visdum, we review our international data transfers on a quarterly basis to ensure they comply with GDPR requirements, using Standard Contractual Clauses, Binding Corporate Rules, or other approved mechanisms.

Requirement: Provide regular GDPR training and awareness for employees.
Response: At Visdum, we include GDPR training and awareness programs in our InfoSec training, ensuring employees understand their roles and responsibilities in protecting personal data and complying with GDPR. This training is conducted at the time of employee onboarding and is refreshed every six months, or on an ad hoc basis for important updates and changes.

Requirement: Ensure data protection by design and by default in the systems.
Response: At Visdum, we build data protection into our business processes and systems from the outset and by default, including pseudonymization and encryption.

Requirement: Maintain records of processing activities.
Response: At Visdum, we maintain detailed records of our processing activities, including the purposes of processing, data categories, data recipients, data protection measures, and retention periods. These records are available for regulatory review.

Requirement: Implement a data retention and deletion policy.
Response: At Visdum, we have implemented a data retention and deletion policy to ensure personal data is not kept longer than necessary. We securely delete data when it is no longer needed or upon request by the data subject.

Requirement: Implement mechanisms for obtaining, managing, and documenting consent.
Response: At Visdum, we have robust mechanisms for obtaining, managing, and documenting user consent for data processing activities, ensuring consent is freely given, specific, informed, and unambiguous. Users can easily withdraw consent at any time.
Contact Us
Please contact Visdum’s Data Protection Officer (DPO) with any questions or concerns.
Email: DPO@Visdum.com