The General Data Protection Regulation (GDPR), the European Union's new data privacy regulation, will come into effect on 25 May 2018 and will have an effect on all organisations and individuals who live or operate in the EU.
The GDPR regulation represents the most revolutionary shake-up of data protection law in the EU in over 20 years. Why is that? It has a broader scope, contains stricter standards, and is accompanied by significant financial penalties. It sets rigorous conditions on the use, process, and export of personal data in an attempt to strengthen individuals' rights.
Data privacy and integrity have always been core values of Turnitin's culture. We fully embrace the upcoming changes and have evaluated and updated our data privacy practices to exceed the requirements set forth by GDPR to ensure that our customers' data is fully protected and that we are supporting our customers to be compliant as well.
The Privacy Center includes an updated Terms of Service (which is also incorporated into our customer Registration Agreements). The new Terms of Service now includes the mandatory GDPR provisions so that our customers, who must be GDPR compliant as well, will not need to send us any contractual amendments or take any additional actions as to their contracts with us.
As to the transfer of data, we always use appropriate safeguards, such as the EU Model Clauses and the EU-US or Swiss-US Privacy Shield, for which Turnitin is fully certified. We've implemented appropriate technical and organisational measures to ensure stringent data security so that you can feel confident that any personal information is safe and secure when accessed from outside the EU.
Giles Kerrush is the International Commercial & Legal Manager at Turnitin.