Fond: Assessing GDPR Readiness

How Primitive Logic helped Fond elevate data privacy and protection for customers

“Primitive Logic helped us not only to become ready for GDPR, but also to implement a holistic solution to protect the data of all our clients, not just those abroad.”

— Shirley Foster, Vice President of Engineering, Fond

Overview

When employee engagement platform provider Fond learned about the EU’s General Data Protection Regulation (GDPR), they recognized an opportunity to provide a higher level of data privacy and protection to all their customers. That’s why they contacted Primitive Logic.

About Our Client

Fond offers an online employee engagement platform to help businesses attract, retain, and motivate team members. More than 500 companies (including Primitive Logic) use Fond to give recognition, reward contributions, and access discounted perks on dining, entertainment, travel, and other products and services.

“The Fond platform helps us foster a culture of appreciation and mutual respect. One of our core values is ‘Support Each Other,’” explains Primitive Logic CEO Jill Reber. “We believe in giving all team members the opportunity to offer immediate feedback to each other, to give recognition for a job well done, and to simply say ‘thank you.’ Fond enables us to make this happen.”

The Challenge

While Fond works primarily with U.S.-based organizations, several of their customers employ residents of the European Union, which makes them subject to the GDPR. Since Fond handles the personal data of these employees — including names, job titles, email addresses, and phone numbers — they are subject to the regulation as well.

In preparing for the GDPR, Fond’s leadership saw an opportunity to elevate their value offering by enhancing data privacy and protection for all customers — not just those who employ EU residents. First they needed a partner with expertise in both the GDPR and master data management who could help them turn this vision into a reality.

Why Fond Chose Primitive Logic

Fond learned about Primitive Logic through a recommendation from their legal counsel, who was familiar with our GDPR work for other clients. In the initial meeting, we helped the Fond leadership team to better understand the regulation and discussed how it could apply to their organization. Fond recognized that Primitive Logic offered not only deep expertise in how the GDPR works, but also hands-on experience in helping other firms improve their data privacy and protection to conform with the regulation’s high standards.

“We chose Primitive Logic because of their expertise, quality work, and knowledge on data privacy and protection. Primitive Logic helped us not only to become ready for GDPR, but also to implement a holistic solution to protect the data of all our clients, not just those abroad,” says Shirley Foster, Vice President of Engineering at Fond.

The Solution

Primitive Logic worked with the Fond team to review several areas of the organization and conduct gap analyses with respect to the GDPR’s requirements.

Data Map and Process Flow: We developed a map of Fond’s system architecture and captured data process flows to gain a thorough understanding of how the company handles personal data.

Policies: Primitive Logic reviewed Fond’s policies, including their privacy policy and terms/conditions, to identify compliance gaps and provide recommendations for remediation.

Processes and Procedures: We also created an inventory of their data processing activities and reviewed them in light of the GDPR’s requirements. Among our recommendations were new procedures for responding to data subject requests (for erasure, for portability, etc.) and for deleting data that the company no longer has a legitimate reason to retain.

Contracts: In reviewing Fond’s contracts with third-party providers, we made recommendations for updating clauses that concern the handling of personal data.

Reporting and Documentation: We helped Fond develop a record of processing activities (ROPA), as the GDPR requires. We also demonstrated how to conduct a data protection impact assessment (DPIA), which is not currently required but may apply to future activities.

Education: Both Fond and Primitive Logic feel that employees should understand the basics of the GDPR and their role in supporting the compliance effort. Everyone should know what changes may be impacted by the GDPR and whom to go to for guidance as the business continues to evolve with new processes, new reports, and new vendors. With this goal in mind, we conducted a training session for the entire organization to provide an overview of GDPR requirements as well as best practices in data privacy.

Governance: We worked with Fond to recommend governance programs that help them maintain compliance as their business evolves.

When we completed the project, Fond had a holistic understanding of how the GDPR affects their organization and a strategy for addressing their compliance gaps. They can now demonstrate to customers with EU employees how their data processing activities align with the GDPR’s requirements. As Fond continues to scale, they can also assure future customers that they handle employees’ personal data in accordance with one of the world’s most stringent data protection regulations.

“Fond is ready and able to address GDPR compliance with customers around the globe, thanks to help from Primitive Logic,” says Foster. “Now, we can inform our customers on guidance as the Fond platform continues to evolve, along with the needs of our users.”
