Corsearch is Here to Help You Understand and Navigate GDPR
GDPR – FAQs
Corsearch takes compliance very seriously and gives a high priority to any personal data we process to ensure that individuals’ rights are respected (including, for clients or prospective clients, the limited contact personal data that we collect, process and maintain in relation to account information).
We maintain appropriate data protection, privacy and security measures, policies and procedures to ensure the security of all information we collect, process and/or maintain. With the implementation of the GDPR, like most other businesses, we are in the process of enhancing these measures to ensure compliance with the GDPR, where applicable.
Please keep in mind that for the purposes of the GDPR, the processing of personal data that we carry out in relation to clients or others is undertaken in Corsearch’s capacity as a “controller” and not a “processor.” The information in our products, through the services we offer and, generally as a business, is information we license through authorized third-party providers. In relation to our own processors, we have taken and are taking ongoing steps to ensure these entities comply with GDPR requirements (where applicable), and that we have appropriate contractual protection in place, where required. For your information, we store data on our servers in Mechelen, Belgium and in the United States and through our EU-US Privacy Shield-certified cloud-based providers.
GDPR — What is required and How Corsearch is prepared:
The GDPR is a European Union (EU) law which enhances individuals’ rights in respect of their personal data. The GDPR applies to all personal data processed by organizations established in the EU, and to personal data processed by non-EU organizations to the extent that they offer goods or services to individuals in the EU or otherwise monitor their behavior.
While data protection and privacy laws have been in existence in the EU and globally for some time, the GDPR is a single regulation which is directly binding in all EU member states, and which aims to unify existing, fragmented national laws and extend the territorial scope of EU data protection laws.
The GDPR affects Corsearch in two major ways: (1) we need to be compliant as a company internally and externally, as we conduct business throughout the EU and globally; and (2) we need to address, for clients and as a business, how this law affects the data offered through our platform and within our products and services.
As a recent, stand-alone company, we are making the most of the opportunity to put into place state-of-the-art security systems, policies, procedures and technical safeguards to ensure the safety and security of the personal data of our employees, clients and others. Diane Plaut, the General Counsel of Corsearch, is a privacy professional and is committed to compliance and data protection at Corsearch. As a counselor and guide to Corsearch and its employees on data protection, privacy and information security laws, Diane helps to ensure that we have a fully compliant infrastructure, policies and procedures. Diane is also a resource to help answer questions you, our clients, or employees may have and to help ensure the development and promotion of compliant products and services by Corsearch, its business partners and vendors.
The Corsearch GDPR Compliance Program:
Corsearch has a full project team in place to ensure GDPR compliance. Corsearch has taken the following steps to achieve ongoing compliance:
- Data Assessment and Data Flow Mapping: Corsearch has carefully reviewed where and how it collects, uses and stores personal data. Our data is broken down into three (3) primary buckets: (1) the personal data of our employees; (2) the limited personal data of our clients or prospective clients; and (3) the limited personal data that may appear in the products on our platform.
- Cross-Border Transfers of EU Personal Data: Cross-border transfers of personal data will occur in relation to some of our processing activities. To address this, Corsearch has: (1) put European Commission-approved Model Clauses in place between our EU and non-EU group companies; and (2) ensured its vendors are Privacy-Shield Certified; or there are otherwise adequate contractual clauses in place to ensure personal data is adequately protected, in accordance with the law.
- Employee Compliance Training and Education: Our employees have received training on the GDPR and will continue to receive ongoing training, including live training to address all questions, function-specific issues, broader topics of interest in relation to privacy, security and data protection, as well as online training for general knowledge and educational purposes. These training programs all help to ensure that personal data is handled appropriately in accordance with the law, and as required across the company.
- New Services and Enhanced Products: We have created new and enhanced features and services within our Domain Brand Solutions platform to help clients have new tools or mechanisms through which to identify WHOIS information, which may no longer be fully available in or accessible through WHOIS records.
- Marketing: We are on top of the respective questions and issues surrounding consent and have put into place all needed notices and mechanisms to ensure you are always aware and in control of how we use your personal data.
What steps does Corsearch take to ensure compliance and keep my data safe?
We will only process your personal data for the specific purposes for which it was collected and in accordance with our privacy notices and policies which we provide to you and update as necessary. We will fulfill our duty and inform you if our use of your personal data materially changes.
We will comply with our obligations regarding requests from data subjects in relation to their rights under the GDPR (where applicable), including, without limitation, rights of access, rectification, restriction of processing, objection to processing, data portability and erasure. We have acted in accordance with all laws to ensure that we are supplied with accurate data but cannot be responsible for the inaccuracy and the quality of the personal data that is supplied to us.
We have safeguards in place in the form of confidentiality clauses and contractual provisions with vendors, employees, contractors, processors and sub-processors to ensure they have only necessary and restricted authorized access to and limited use of personal data, and only within the scope necessary to perform the services we request. In addition to our employee training programs, we are implementing internal policies which dictate how our employees protect and process personal data in the course of their duties.
The Corsearch Data Protection Program:
The measures we take to protect data include, but are not limited to:
- Compliance and Training Programs: Corsearch has and maintains an appropriate data protection compliance program for ensuring adherence with all applicable data protection laws. Corsearch employees are and will continue to be trained in data protection, security and privacy.
- Security: Corsearch is putting into place a sophisticated IT security platform, to create networks, technical safeguards and mechanisms to protect data, to prevent data breaches, to identify potential breaches and to report breaches as effectively as possible. Corsearch has lined up top vendors in data security to monitor and handle all data breach issues and create a first-rate data breach detection system, with 24-hour coverage, ISO/IEC 27001 standards, and a breach notification system that takes into account all U.S. state and GDPR breach notification requirements.
- Restricted Access and Processing: Corsearch only uses personal data for the specific and limited purposes which it identifies upon collection (including to perform the services clients request), and has implemented contractual clauses, safeguards, policies and procedures to ensure safe-keeping of personal data and to fulfill all applicable legal requirements and standards. Moreover, we carefully choose and vet all vendors to ensure they adhere to and fulfill all applicable legal requirements and standards.
Data Retention — How long do we keep personal data?
Corsearch has developed a Document Retention and Destruction Policy to ensure that personal data is not retained for longer than is necessary for business purposes. This is subject to any limitations described in separately requested service agreements or terms between Corsearch and our clients, as well as any restrictions prescribed by law that prevent us from destroying such personal data in relation to a legal hold, bankruptcy or other legal or contractual provision or matter. We will always honor requests to delete or access personal data in line with data subjects’ rights, where required to do so.
How will GDPR impact the marketing activities of Corsearch?
Corsearch has updated its marketing policies and procedures which are in line with GDPR and ePrivacy Directive requirements and which will take into account ePrivacy Regulation requirements, once determined. Corsearch is clear about how and when it collects personal data and the specific purposes for which it is collected and will be used. All Corsearch employees have been told of these principles and will receive all needed and continued training to ensure compliance with all laws.
At Corsearch, we value you and the security of your personal data. We ensure all necessary measures are in place and will continue to be in place to ensure data protection compliance now and always.
Diane Plaut, General Counsel and Privacy Officer, Corsearch
Please see the following links to the articles we have published on GDPR:
Privacy, Data Protection and Electronic Direct Marketing – The Changes Ahead
GDPR and WHOIS: What Will Happen to Key Information as of May 25 — Likely Blackout Period and Corsearch Solutions
Webinars and Training
Diane Plaut will offer GDPR-related Webinars on the following dates (duration: 1 hour):
- GDPR Fundamentals on June 25th, 2018 at 10:00am (EST);
- What Corsearch is Doing to Comply with GDPR on July 25th at 10:00am (EST);
- Data Protection Laws, Data Breach Notification and Incident Response on September 26th at 10:00am (EST).
Brian Conchuratt will offer Domain Investigation Webinars on the following dates, every Tuesday at 10am (PST)/1pm (EST) throughout June (duration: 1 hour):
- Tuesday, June 5th
- Tuesday, June 12th
- Tuesday, June 19th
- Tuesday, June 26th
Details to register for these Webinars and training sessions are forthcoming.