Securly’s GDPR Compliance Efforts

The EU General Data Protection Regulation (GDPR), which took effect on May 25, 2018, represents one of the most significant recent developments in privacy laws worldwide. Securly welcomes the GDPR as an important step forward in streamlining and strengthening data protection requirements across the EU.

Securly’s GDPR Compliance Actions

Under the GDPR, Securly acts generally as a data processor for personal data that we process on behalf of our customers (i.e., the schools) through their use of Securly’s services. We are dedicated to helping our customers comply with the GDPR, by enabling a partnership between Securly and our customers in their use of our services. Companies that are subject to the GDPR are required to have contracts with their data processors that contain certain terms and information. Thus, Securly has made enhancements to our products, systems, procedures and documentation to help support Securly’s and our customers’ compliance with the GDPR, including to create a Data Processing Addendum to meet that requirement.

Additional Steps Securly has taken to comply with GDPR

Privacy Policy, Children’s Policy and Terms. Securly reviewed and updated its Online Privacy Policy, Children’s Policy (COPPA) and Website Terms of Service to clarify Securly’s role and how we process personal data related to the Securly platform and website services and to include language required by the GDPR.

Securly Service Agreement. Securly reviewed and updated the Securly Service Agreement to include GDPR-compliant data processing terms where necessary to comply with GDPR obligations.

Data Processing Addendum. In addition to the Service Agreement, the Data Processing Addendum is tailored to address the unique aspects of Securly’s platform and services and reflects our data security procedures and data processing activities. Once signed, our customers will have terms in place with Securly to cover transfers of EU personal data that may occur through the customer’s use of the Securly platform and our services.

Third-Party Service Provider and Reseller Agreement. We reviewed and updated existing third-party service provider and reseller agreements to include GDPR-compliant data processing terms where necessary to comply with GDPR and cross-border transfer obligations.

Subprocessors. Securly inventoried and assessed which third-party service providers are its subprocessors in order take steps to ensure that their processing meets the requirements of the GDPR.

Record of Processing. To comply with GDPR requirements, Securly has reviewed its data processing activities and determined which data processing activities and systems are subject to the GDPR.  This review has been documented and inventories and maps our data processing activities, reflecting our current activities and privacy program with regard to the GDPR.

GDPR EU Representative.  We set up a wholly-owned subsidiary in the UK “Securly Limited” to serve as our EU Representative.

Any other questions?

Please feel free to email the Securly team at [email protected].