Privacy and GDPR
Written by Olav Harald Våge
Updated over a week ago

What is GDPR?

GDPR (short for General Data Protection Regulation) is the EU's new regulation for the protection of personal data, which entered into force on 25 May 2018.

The regulation is implemented in all local privacy laws throughout the EU and the EEA area. It applies to all companies that sell to and store personal information about European citizens, including companies on other continents. It gives EU and EEA residents greater control over their own personal data and ensures that the information is protected throughout Europe.

According to the regulation, personal data includes all information that can be related to a person, e.g. name, picture, e-mail address, bank details, information about your current and/or previous locations, IP address, or the like.

We at Brevio take privacy seriously, and are committed to protecting all our users' information. To achieve this goal, the company has implemented many controls to ensure compliance with the GDPR. Read below for more information.

Who does GDPR affect?

The GDPR applies to organizations located in the EU, and to organizations located outside the EU if they offer goods or services to, or monitor the behavior of, natural persons from the EU. It applies to all companies that process and own personal data about registered persons who reside in the EU, regardless of the company's location.

What does Brevio do to comply with GDPR?

Brevio has privacy and data security as a central focus area, and works actively with (built-in) privacy in all our business and development processes. Below is a list of some of the steps we have taken to ensure compliance with the regulation:

  • Implemented an information security management system (ISMS)

  • Appointed security and privacy officer

  • All data is encrypted both "at rest" and "in transit"

  • Annual risk and impact assessments for information security and privacy

  • GDPR harmonized data processor agreements with all subcontractors

  • Implemented routines for built-in privacy in all business processes

  • Implemented controls for the protection of personal data

  • Training in privacy and security awareness

  • Created internal procedures for compliance with the right to:

    • Access your own personal data.

    • Withdraw consent given to the company for the use of personal data.

    • Transfer information from one service provider to another.

    • Receive information before information is collected.

    • Have information updated if it is out of date, incomplete or incorrect.

    • Request that your information is not used in data processing. The information can still be stored but it should not be used.

    • Object to the processing of personal data for use in direct marketing.

    • Be notified in the event of a data breach that may have consequences for individuals' information (within 72 hours after the breach was discovered).

Further questions related to information security, privacy or GDPR can be addressed to [email protected].
