GDPR Compliance

We’ve worked hard to ensure that we’re ready for the EU General Data Protection Regulation (GDPR).

What is GDPR?

On May 25, 2018, the General Data Protection Regulation (GDPR) took effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.

GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website.

Compliance Features

We offer a Data Processing Agreement (DPA) that you can opt into. DPAs include standard contractual clauses («Model Clauses») that are the mechanism for GDPR-compliant data transfer. The DPA includes all the information on what Accredible does with your data, who has access to it, who it is shared with.

To satisfy the data portability requirements for GDPR, you can easily export data from your account, and submit a request to remove data at any time.

Our agreements clearly state that we’re not able to share your data with any third party that’s not bound by our data privacy agreement. We’ve formed contractual relationships with all of our suppliers that do things like host our databases (Amazon Web Services) or provide data backup hosting (Google Cloud) to ensure full legal and process protection for your data in accordance with EU privacy law.

Credential Recipients’ Data Rights

Credential recipients can retrieve a copy of all the data that Accredible holds on them and can submit a request to have it completely removed from Accredible’s records. You will be notified if a recipient has requested to be forgotten.