GDPR compliance is of the uttermost importance to us. We continuously analyze and chart the flows of personal data, review our external providers and make sure that there are legally adequate data processing agreements established, and adapt routines and processes to protect data and handle requests and questions related to data.
We consider data protection and GDPR compliance a critical part of our ongoing processes and always keep it in mind in our development. We do this to ensure that Vaam's services are always in line with any legal requirements concerning the processing of personal data, and to make GDPR- compliance as easy as possible for our customers.
The data subject should first and foremost direct the request to the controller. For example, you are the data controller of any videos you record and if someone has a request concerning it, it should be directed towards you. Vaam is not allowed to act on instructions from anyone but the data controller.
We will work with, and guide our users to ensure that all data on our platform complies with GDPR.
The GDPR demands the designation of a DPO if the core activities of the data processor consist of processing operations which by virtue of their nature/scope/purposes require regular and systematic monitoring of data subjects on a larger scale or the core activities of the data processor consist of processing of special categories of data on a large scale.
Neither of these descriptions are fully applicable to Vaam. Our core activity is to process personal data (video), but we do not process special categories of data on a larger scale and it our processing does not constitutes a “regular and systematic monitoring of data subjects”, especially on a large scale.
Nevertheless, we have continuous legal council about our data processing responsibilities. Should our situation evolve into one where a DPO would be required to comply with GDPR, it is our intention to make sure that we do what is necessary for compliance.
“Privacy by design” and “Privacy by default” concerns technical and organizational security measures for processing personal data. It concerns both routines for processing and that the development provides privacy as default.
For example, this could be automated functions for erasure, automatic pseudonymization or logging access to personal data.
In all of our development work, Vaam works with these aspects and takes your compliance in these aspects into consideration.