Weld GDPR roadmap

Document updated 2018-05-24.

Weld is fully committed to GDPR and will support it fully by May 25, 2018. As part of our process we lead the Stockholm-based meetup and discussion group “GDPRiet”.

Controller/Processor

Data Protection Officer (DPO)

The Data Protection Officer at Weld is our CTO Henric Malmberg (henric@weld.io).

Weld GDPR action plan

Action

Comments

Due date

Completed?

Assign a Data Protection Officer, report to Datainspektionen if >250 employees

Henric Malmberg, CTO

Define if Controller or Processor

2018-03-05

Contact all 3rd party/external services

2018-03-16

Review personal data usage in all internal services

2018-03-23

Review personal data usage in all 3rd party/external services, get DPA’s signed

2018-04-13

Join EU-US Privacy Shield?

Not needed for Weld

Anonymize/tokenize all internal services except the main user database

2018-03-05

Implement manual “forget me”/“offboarding”

Did automatic instead, see below

2018-04-01

Implement fully automated “forget me”/“offboarding”

2018-04-30

Implement consent tracking (Terms & Conditions)

2018-05-07

Implement “See my data”/”Export data”

2018-05-14

Implement data expiry after certain time

Will do manual checks on a monthly basis, starting July 25

2018-05-14

Implement age check

2018-04-30

Implement data breach notification process

2018-05-14

Update Terms & Conditions

2018-05-25

Email all users about new T&C’s