How Tengu complies with GDPR: an interview with our DPO

Posted on Nov 18, 2019 2:33:12 PM

As, one of our company values is transparancy, and we often get the question if we are compliant with GDPR and how we do this, we thought is was a good idea to give some more insights into this with a blogpost. That's why we have asked our DPO, Merijn De Mil, to participate in an open and honest interview about how we make sure we comply with GDPR for our products and internal processes. Continue reading to find out all about it.

Does the DataOps platform comply with GDPR & all its data subject rights, responsibilities and obligations?

The Tengu DataOps platform is completely compliant with GDPR. Policies have been written and more importantly are being adhered to for our own employees with best practices, procedures have been put in place to react when something happens that threatens the liberties of the personal data in our possession and all the rights of data subject are respected.

Tengu, the platform operates solely as a processor according to Article 28, this means that we never go and mine the data ourselves but always work as processor for a controller using the DataOps platform. In other words, we only process data through Tengu, which is coming from our clients. We require a processor agreement from all our controllers. We don’t have a single client who hasn’t signed such an agreement.

How about the marketing & sales tools Tengu uses?

Tengu's sales & marketing team uses different platforms for their daily activities. Different processing activities always require an analysis of what the activity is, how it is being used and more importantly, how the personal data is being used. Since we use cloud-based programs we always verify these programs are compliant as well with the privacy regulation.

How does Tengu control & process my personal identifiable information?

This is strictly measured and in compliance with Tengu's privacy policy. Every employee and partner knows and understands these policies.

Does Tengu have the right processes in place according to you?

Being GDPR compliant is a continuous process. Tengu has put a lot of measures in place since the beginning of GDPR. As new opportunities arise, new processing activities will follow.

GDPR is not a set and forget kind of thing. It is my job as a DPO to make sure Tengu adheres to the regulations, as well as not being too intrusive to the daily life.

Still have questions about our GDPR policies and processes? Do not hesistate to contact us about them.

Topics: GDPR

Daphné De Troch

Written by Daphné De Troch

Growth Marketer at Tengu.io