GDPR Compliance

GDPR Compliance

Thought Industries is committed to doing our part to ensure that personal data is adequately protected. As such, we are actively reviewing the requirements of EU Regulation 2016/679 (more commonly referred to as the “General Data Protection Regulation” or “GDPR”), and how they affect our customers and us.

GDPR went into effect on May 25, 2018. As part of our compliance program, Thought Industries is:

Perform Policy Updates

  • Privacy Policy and Terms of Service: our Privacy Policy and Terms of Service align with GDPR.
  • Cookie Handling: our cookie handling policy complies with GDPR. We developed functionality that allows a school to display banners notifying learners of the cookies being used.

Perform Product Updates

  • Data Collection and Consent: We only collect learner data when a visitor to a Thought Industries school has given their explicit consent and opt-in. We will also ensure a learner has explicitly opted-in when they sign up for an account.
  • Data Access, Portability, and Deletion: We have implemented processes that allow customers and users to request their data be corrected, exported, or deleted.

Perform Operational Updates

As part of our overall compliance roadmap, Thought Industries has already conducted an ISO 27001-based Gap Assessment in partnership with an external third-party vendor. In addition, we have:

  • Appointed a Data Protection Officer (DPO).
  • Built a formal data map.
  • Performed internal threat modeling and gap analysis (and set up a recurring schedule).
  • Adopted and formalized written policies around core areas, including (but not necessarily limited to): data protection, data backup, data retention, access management, and breach management and reporting.
  • Instituted formal data protection training for all Thought Industries employees.

We also have done the necessary legal paperwork to be able to confirm that our Data Sub-processors (primarily Amazon Web Services) are GDPR-compliant. We are also able to offer a Data Sub-processor Addendum to the contracts of customers who request it. To request, please email support@thoughtindustries.com.

We will continue to keep this article updated with our current status. If you have any questions, please don't hesitate to contact your Customer Success representative.