At Quip, we're committed to protecting personal data, and we welcome the GDPR as an important step forward in streamlining data protection requirements across the European Union. We see the GDPR as an opportunity for Quip to forge a deeper partnership with our customers by supporting them on their compliance journey.
Under the GDPR, your customers have the right to request that their personal data be deleted. Quip offers an array of features—both within the product and through the Quip API—to help you comply with those requests. We've also got a full support team at the ready who can step in and help do the work for you.
Quip offers a number of ways for users and admins to retrieve the data contained in their documents, spreadsheets, and chats. Documents can be exported as PDFs, HTML, LaTeX, Word files, or Markdown, and the Quip API and Business Portal can be used to handle more complex requests.
The GDPR requires you and your company to honor people’s requests about how you use their data. Quip allows users to control who can see their actions in Quip, how they get notified about new activity, and what activities they get notified about in the first place.
In Quip, users have a number of ways to limit how their data is used. They can restrict access to a given document—or delete that document entirely. Administrators can disable specific users, set editing permissions across their entire site, or use the API to create snapshots of their site's data before deleting it.
Salesforce offers customers a robust data processing addendum containing strong privacy commitments that few software companies can match. This addendum contains data transfer frameworks ensuring that our customers can lawfully transfer personal data to Salesforce outside of the European Economic Area. This addendum also contains specific provisions to support customers in their compliance with the GDPR.
Quip provides our customers with a secure solution in accordance with our Trust and Compliance documentation.

We are committed to our customers’ success, including compliance with the GDPR.

- Raise awareness of the importance of GDPR compliance with organization leaders
- Obtain executive support for necessary staff resources and financial investments
- Choose someone to lead the effort in becoming GDPR-compliant
- Build a steering committee of key functional leaders
- Identify privacy champions throughout the organization
- Review existing privacy and security efforts to identify strengths and weaknesses
- Identify all the systems where the organization stores personal data, and create a data inventory
- Create a register of data processing activities, and carry out a privacy impact assessment for each high-risk activity
- Document compliance
- Ensure privacy notices are present wherever personal data is collected
- Implement controls to limit the organization’s use of data to the purposes for which it collected the data
- Establish mechanisms to manage data subject consent preferences
- Implement appropriate administrative, physical, and technological security measures and processes to detect and respond to security breaches
- Establish procedures for responding to data subject requests for access, rectification, objection, restriction, portability, and deletion (right to be forgotten)
- Enter into contracts with affiliates and vendors that collect or receive personal data
- Establish a privacy impact assessment process
- Administer employee and vendor privacy and security-awareness training
- Compile copies of privacy notices and consent forms, the data inventory and register of data processing activities, written policies and procedures, training materials, intracompany data transfer agreements, and vendor contracts
- If required, appoint a data protection officer and identify the appropriate EU supervisory authority
- Conduct periodic risk assessments