How Ushahidi Prepared for GDPR

What is the General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a comprehensive set of regulations that protects EU citizens' data. It specifies how personal data can be processed and monitored. The law is in effect as of May 25, 2018. See the full regulation for more detail.

How Ushahidi Prepared for GDPR

Respecting your privacy is essential to our mission: to build technology that helps marginalized people raise their voice to get the support they need. Data that our users collect is important to their cause and may include personal data. Owners of that data require clear privacy and access rights. While we have always been dedicated to ensuring your data privacy, we want to clarify changes to our practices and policies to comply with the EU’s General Data Protection Regulation (GDPR).

Should GDPR concern me?

Even if you are not based in the EU, GDPR rules may still apply to you. If you are using Ushahidi to collect data from EU citizens, you need to be GDPR compliant. If you are not based in the EU, it is still good practice to comply with these rules to provide necessary protections for the personal data you collect.

How Ushahidi has prepared for GDPR

We clarified your rights in our privacy policy

We’ve updated our Privacy Policy to include the rights you have over your data, including the right to access, modify, delete or restrict your data.

We confirmed our vendors comply with GDPR

Since we use third-party tools like Google Analytics to improve our services and Intercom to provide support, we made sure that all our vendors are GDPR compliant. We have reviewed all of our vendors’ privacy policies and Data Protection Agreements. In addition, we’ve provided more information about what vendors we use within our Privacy Policy.

We updated our Data Processing Agreements

The GDPR regulations require data protection commitments between all customers, contractors and vendors. Our updated Data Processing Agreement describes the terms of our commitments. Our Data Processing Agreement is available to any customer to sign upon request.

We’ve completed an internal data audit

To document our compliance with the GDPR we’ve audited all the personal data we hold, and the legal basis we have for holding it. We plan to complete data audits at least once a year.

We’ve documented our security practices

We’ve added a Data Security section to our support pages to explain how we keep data secure, and published our security contacts.

We’ve updated our data access and portability features

We updated Ushahidi’s data mode with bulk actions, so you can delete and change the status of reports. We’ve also made improvements to CSV exports so that you can retrieve all or any slice of data from your deployments and import it into other tools of your choice.

We’re providing a new line of support for data requests

We want to make sure that you are able to access all of your data rights either within the Ushahidi platform or by contacting us directly. If you need to access, modify, delete or restrict your data, you can write us at data@ushahidi.com.

Continuing to improve our privacy and security

We want to continue to improve our privacy and security practices, and make it easier for our users to maintain the privacy of their data. We’re currently working on or planning:

  • Self-service tools for data controllers
  • Infrastructure migration and security hardening
  • EU-US Privacy Shield membership