On May 25th 2018 the 'General Data Protection Regulation (GDPR)' will guarantee the highest protection of personal data within the EU, bringing new standards in transparency and accountability for all companies which handle personal data.
In early 2017 Gelato formed a competent and experienced cross-functional project group that includes legal, security and technical experts. This team has created a road-map which is well underway for compliance ahead of the deadline.
What does GDPR mean for you?
In the GDPR scheme, there are Controllers and Processors for the Processing of Personal Data. Controllers determine the purposes and means of processing the data, and Processors hold or process the data on the Controller’s behalf.
Gelato is a Data Controller for the personal data of your users but acts as a Data Processor for the personal data included in the print files you want to print, as here are you a Data Controller. We, therefore, include our Data Processing Terms in our API User Terms.
As a Controller with a network of Processors, Gelato will enter into data processing agreements also with each print partner. You, a Gelato customer therefore, do not need to enter into any additional agreements once GDPR comes into force.
We believe, due to our preparations, Gelato Globe customers and partners can feel confident in continuing working with Gelato.