GDPR - What Crisco is doing about it

Crisco has always honored its users’ rights to data privacy and protection...

What is GDPR?

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have, over their personal data...

What is personal data?

Any data that relates to an identifiable or identified individual...

How prepared is Crisco for GDPR?

We have acted on many fronts to adhere to this new regulation:

• We have raised awareness across the organization...
• We have assessed all Crisco products, individually, against the requirements of the GDPR...
• We have constituted an Information Management Document (IMD)...
• We have assessed our sub-processors...
• We have appointed internal privacy champions for all our teams...
• Our application teams have embraced the concept of privacy by design...
• We have amended our Data Processing Addendum...
• We conducted Data Protection Impact Assessments (DPIA)...
• We conducted internal audits of our products, processes, operations, and management...
• Based on the DPIAs and internal audits, we have improved our data security methods and processes...
• We have cleaned up our databases to ensure that we have only the latest and most accurate information...
• When needed, breach notifications will be done according to our internal Privacy Incident Response policy...
• We have revised our Privacy Policy to incorporate the requirements of the applicable privacy laws...