Data processing agreements are necessary under the GDPR between data controllers and data processors. Article 28(3) of the GDPR stipulates that there must be a contract in writing between the data controller and data processor which clearly sets out the subject matter of the processing and its duration as well as the nature and purposes of processing, the types of personal data and any particular special categories of data and the obligations and rights of both parties. When you sign up as a business to use Follco, you are signing up to our terms and conditions that incorporate a data processing agreement that meets the standards required by the GDPR. You are given a time-stamped copy of this agreement which you can download from your account admin area.
The GDPR contains at the core the principle of accountability. As part of the accountability principle, the GDPR lays out in Article 5 the requirement that personal data be processed in a transparent manner in relation to the data subject. Article 13 and 14 of the GDPR set out requirements for Privacy Notices. Further, Recital 60 states that transparency allows data subjects to be informed of the existence and purpose of any processing activity involving their data. Follco provides you with a Privacy Notice that meets requirements set out in the GDPR.
Follco has ensured that Privacy by Design has been implemented throughout the platform which further ensures that you are performing your electronic marketing in line with data protection and privacy compliance requirements. When you use Follco, you are provided with instruction, guidance, hints or tips (whichever is most appropriate) as you work your way through processes on the platform that will help you go about your business in as compliant a way as possible. Follco ensures you are aware of consent requirements and gives you access to a marketing-centric legitimate interest assessment that you can make use of to support legitimate interest as your basis for processing personal data for marketing purposes.
Follco provides you with audit trails and activity logs of your activity on the platform. You can see, always, what you have and haven't done with the data in your account. This is a vital aspect of being able to show your activities are compliant with data protection and privacy law. Furthermore, Follco gives you complete control over the data you upload onto the system which means you are able to fulfil your data subject requests and facilitate actions required when data subjects exercise their rights such as amending information and deleting information.
Follco doesn't allow the uploading and storage of unnecessary data. Article 25(2) covers processing only the data that is necessary for the purpose -> Follco needs very little data in the system to allow the business to perform marketing. Security under the GDPR is regulated under Article 32. https://gdpr-info.eu/art-32-gdpr/.
Follco has been designed with Data Protection by Design and Default in mind. Follco ensures data minimisation is adhered to by capturing only necessary fields of information and not allowing the uploading and storage of unnecessary data. Follco operates on minimal personal data to facilitate the business to perform marketing activities. Furthermore, Follco ensures security through various methods such as encryption over the databases that store personal data.