Virgin Pulse Announces Industry-Leading GDPR Compliance
Virgin Pulse Extends the GDPR’s Strong Data Privacy Rights to All Clients and Members Across the Globe
Providence, R.I. - (May 25, 2018)
Virgin Pulse, the leading global provider of digital employee health, wellbeing and engagement solutions, today announced that it has achieved compliance with the EU General Data Protection Regulation (GDPR) for the Virgin Pulse platform. The company has also appointed Associate Counsel Beatrice Botti as Data Protection Officer (DPO) to oversee the Virgin Pulse privacy program.
With this achievement, Virgin Pulse leads the market as the first company in the wellbeing and engagement industry to fully meet the comprehensive standards of the new GDPR data privacy law. The company has completed a thorough review of its internal data collection, storage and handling processes and implemented enhancements to achieve GDPR compliance and give all Virgin Pulse customers and members greater control over their personal data.
The GDPR is the first major law to replace the 1995 Data Protection Directive 95/46/EC and address its shortcomings and gaps, including enforcement, liabilities, documenting processes, risk assessments and notification in case of a breach. This new regulation also strengthens rules for data minimization. As a global organization with more than 570 clients, hundreds of thousands of users and broad operations in the EU, Virgin Pulse has been focused since early 2017 on ensuring GDPR compliance by the May 25, 2018 deadline.
“Member privacy is at the center of our strategic priorities. Securing and protecting client and member data has never been more important than it is today, and we are proud to be setting a strong example in this area,” said David Osborne, CEO of Virgin Pulse. “Achieving compliance with the GDPR is a rigorous process, one we have been actively and diligently working towards over the past year. We believe that all of our clients and members around the world should benefit from the same strong privacy rights and best practices, and have gone above and beyond to implement the GDPR as the Virgin Pulse standard for all clients and members, not just those located in the EU.”
To achieve this compliance, Virgin Pulse conducted a comprehensive audit of its member policies and made revisions to ensure the language and tone are clear and understandable. All members are prompted to review and accept the redrafted policies and expressly consent to Virgin Pulse’s privacy practices to participate in any of the programs. As part of this process, the company’s product design, software development and implementation processes reflect a Privacy by Design philosophy. These embedded processes allow members to withdraw consent at any time, and grant members broad rights to request access to, correct or delete their data.
With more than 3,200 clients, including 20 percent of the Global Fortune 500, and 2.1 million members across 190 countries, Virgin Pulse is the only truly global employee wellbeing and engagement provider in the market. Available today in 18 languages, Virgin Pulse has designed and developed its products to meet the needs of global organizations, and will continue to invest in its infrastructure and lead the industry in data privacy and security. The company’s GDPR efforts strengthen an existing foundation of data privacy and information security. Virgin Pulse’s Information Security Management System is also certified against ISO 27001:2013, a robust and comprehensive global information security standard, and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.