
Canvas and GDPR

At Canvas, we embrace and celebrate uniqueness. Promoting the importance of diversity and inclusion is at the heart of our mission; equally imperative to us is one’s right to privacy.  

We strive to be a trusted platform for all of our users and are committed to protecting the personal data shared with us. As more of our partners seek to expand their recruiting presence in Europe, Canvas prioritized our privacy program so that our customers can focus on their business priorities and less on vendor compliance. 

We’re thrilled to announce that Canvas is now officially compliant with the EU General Data Protection Regulation (GDPR).  

What is GDPR?

Intended to provide EU citizens with more control over their personal data, GDPR is a regulatory requirement designed to preserve individuals’ right to privacy and to protect their data.  GDPR applies to any company that provides services to residents of the EU or that processes the personal data of EU residents, regardless of the location of the business.

The path to protection

In order to achieve GDPR compliance, we first reviewed internal processes and procedures, policies, systems, and customer requirements.  With the core principles of GDPR in mind, we focused on answering the following questions:

  • Are we being lawful, fair, and transparent with our practices?
  • Are we clear about the reason we are processing the data? Is it understandable that the data we are processing is relevant to our purpose and limited to what is necessary to fulfill it?
  • Do we make it clear that we will do our best to collect accurate data? Is it clear that individuals have the right to request that their data be updated if necessary, to know what data has been collected, and to request that it be deleted, and that we will use it for the length of time necessary to provide the services?
  • Do we demonstrate our commitment to properly securing the data and to maintaining accountability standards such as CCPA?

What measures did Canvas take to become GDPR Compliant?

  • We updated our Privacy Policy so that it clearly states, in a more simplified and transparent manner, how to opt in to the platform and how Canvas collects, processes, stores, and uses the data entrusted to us, so that everyone has visibility and insight into their data.
  • We revised internal procedures to ensure that we are able to efficiently and effectively process any requests made by users related to their rights under GDPR, such as the ability to update their personal data, request their personal data records, and delete their data.
  • We maintain industry best practices for data encryption in transit and at rest, and we compiled and audited a list of third-party subprocessors to ensure they meet GDPR requirements.
  • We drafted a data processing addendum and, in order to accept and process data in compliance with GDPR once the EU-US Privacy Shield was invalidated, made provisions to ensure that all applicable service agreements utilize the European Commission’s standard contractual clauses (“SCCs”).

Ultimately, Canvas is serious about data privacy and remains committed to safeguarding the personal diversity data of all users, in all regulatory jurisdictions, as demonstrated through our achievement of GDPR compliance.

If you have any questions about Canvas’s GDPR compliance, reach out to our team at [email protected]
