GDPR Compliance Statement

What is the GDPR?

The European Union (EU) has issued a new regulation, the General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. This regulation is the largest change to data privacy regulation in over 20 years, and comprises a new set of laws that aim to provide increased protection of EU citizens’ personal data. The GDPR applies to all organizations (including CANDDi) that handle, control, or process the data of EU citizens, regardless of where in the world those organizations are based.

Key changes to prior data protection regulations include increased territorial scope and applicability, changes to breach notification and penalties, and increased conditions for consent. Under the GDPR, EU citizens possess rights related to the following: data breach, right to access data, right to be forgotten, data portability, privacy by design, and more.

GDPR compliance encompasses two distinct roles: data controllers and data processors. As defined by GDPR guidelines, a data controller is a person, public authority, agency, or other body which determines the purposes and means of processing personal data. You (the client) are a data controller. A data processor, on the other hand, is an entity (person, public authority, agency, or other body) which processes personal data on behalf of the data controller under the controller’s instructions. CANDDi is a data processor. Data controllers should use data processors that can effectively demonstrate their compliance with the GDPR. You can learn more about the new GDPR regulations here and here.

Our Commitment to GDPR Compliance

CANDDi takes data protection and security seriously for all of our clients, and we’re committed to becoming compliant with GDPR regulations. Our team has been working for months to ensure that we address the GDPR from a product, legal, and process standpoint.

Data protection has always been a top priority for CANDDi, and we strive to communicate information with transparency. We’ve created the roadmap below to help you better understand the steps we’ve already taken to maximize data protection, along with the actions we’re currently taking as an organization to become GDPR compliant. If you are a CANDDi client and you have any questions or concerns about the information on this page, please reach out to our client support team and we’ll be happy to assist.

Please note: The information on this page is provided for informational purposes only and does not constitute legal analysis and/or advice. Please consult with legal counsel to understand all legal implications of the GDPR and how they relate to your business practices.

CANDDi GDPR Compliance Roadmap

We have been working to adhere to the following GDPR roadmap:

Obtain Cyber Essentials Security certification.
Thoroughly research the areas of our product and business impacted by GDPR.
Appoint a Data Protection Officer. (Tim Langley)
Develop guidelines and a strategy for how to address the areas of our product impacted by GDPR.
Evolve our internal processes and procedures.
Thoroughly test all changes under the GDPR.
Update our privacy policy. (here)
Rewrite our Data Processing Agreement. (here)
Communicate our compliance.
Obtain independent GDPR compliance certification.

Data portability solutions and data management tools

To enable our clients (and ourselves) to comply with the new legislation, we've constructed a full GDPR module within the CANDDi dashboard. This module enables clients to adhere to their responsibilities. For a full tour of this module, click here.

This module gives clients the ability to deliver the following individual rights:

  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Note: As a rule, CANDDi does not perform any automated decision making or profiling, hence this individual right has not been covered.

Cookies dropped by CANDDi tracking

In normal working usage, CANDDi places several first-party cookies on a visitor's machine. For more information, please see our Cookie Policy.

Breach notification and ICO registration

CANDDi has been registered with the ICO since our formation in 2009. You can find our details on the ICO website (registration number: Z2721392).

Should a data breach occur, CANDDi will comply fully with our obligations to inform the ICO and the relevant client, and will fully cooperate with any investigation.



