GDPR Readiness

The European Union’s General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. It provides new protections for EU citizens and residents with regard to handling of personal data by service providers. Spatial Networks has been working to ensure Fulcrum is ready to meet the needs of our users with regard to GDPR. The following information summarizes our readiness to address GDPR.

You may need to delete customer data in order to comply with data protection and privacy regulations. Fulcrum offers a rich set of features to help you meet your obligations under the GDPR. Fulcrum customers can delete their own data at the organizational/account level. For individual requests following a data subject request, customers can permanently delete their data by creating a support ticket.

Under GDPR, Fulcrum acts as a Processor for our customers, who are Controllers of the data they collect. Customers will need to provide some personal information to Spatial Networks to initiate a Fulcrum subscription. Spatial Networks obtains explicit consent to collect that information in accordance with our Terms of Service and Privacy Policy. The Fulcrum form designer provides a rich set of tools to allow customers to obtain, log, and retrieve evidence of explicit consent from any data subjects about which they collect personal data. Spatial Networks can provide form design support to our customers through our professional services team.

Spatial Networks customers may use the Fulcrum export tools to export data in a variety of open formats, including CSV, Microsoft Excel (XLSX), and JSON.

Fulcrum works seamlessly with vendor-provided device encryption on iOS and Android to support encryption at rest on mobile devices in the field. When data is synced to the cloud, it is encrypted in transit using TLS. Data is accessible only through the Fulcrum API, which applies role-based access control to prevent unauthorized access. Further information about security can be found on the Fulcrum security page.

To comply with GDPR requirements, customers may opt to house their data within the borders of the EU.