
Our path to GDPR compliance

Widget Brain’s algorithms are used by many organisations around the world. As our algorithms are embedded in all of those businesses, we take IT security very seriously. We are constantly improving our algorithms to help organisations make better decisions and also to make them more secure, in line with the ISO27001 standard for information security.


As you may have noticed, nearly every organisation is informing you about their GDPR (General Data Protection Regulation) compliance. Widget Brain is no exception to that rule: on May 25th, personal data owners get more control over their own data. For us, that means that we evaluated what personal data we process and how we can enable data owners to have more control over their own data.


This blog post gives some insight into what we did and what will change. We have gone through four steps:


1. Identification & risk assessment

We have internally assessed all our personal data processing activities. Widget Brain’s core systems do not rely on personal data. Some of our algorithms (workforce management, maintenance planning) use personal data, such as an employee’s ID number. Additionally, we use personal data in the following ways:

  • Full Name: application personalisation only;
  • Username and email: system monitoring and event logging within Widget Brain apps.


2. System and policy updates

We’ve updated our internal information security policies and our privacy policy. GDPR regulations specify which information the privacy policy must contain.


Next, we’ve shifted features that were on our long-term roadmap to March-April 2018 in order to complete those items before the GDPR regulations went into effect. These features enable our end users to exercise their rights as a data owner.


GDPR Consumer Rights – or some data subject rights such as the right to access, data portability, rectification, erasure and more from a consumer view by the GDPR Awareness Coalition

3. Raise awareness

In order to make everyone at Widget Brain aware of what changes under GDPR, we train our employees. We have clear internal guidelines, and we regularly discuss IT security/GDPR in our company meetings.


4. Communicate

We are at the final and most important step: Reaching out and communicating what we’ve done and what changes. You can read our privacy policy here. If you are interested in more details or have questions, please read our FAQ. Otherwise, contact us through with your question.