Regarding DPF, we will be carefully examining the implications of certification, and will update you as and when Book Like A Boss is DPF certified. We are also tracking the status of our vendors. In the meantime, all transfers of data to Book Like A Boss in the US are secured by Standard Contractual Clauses, in connection with which we have completed a Transfer Risk Assessment which documents the legality of such transfer. The new DPF empowers the US Civil Liberties Protection Officer and the Data Protection Review Court (DPRC) to review cases of data transferred based on SCCs too; such that the regulatory profile of Book Like A Boss transfers is even stronger now that the DPF has been agreed.

We have conducted a security audit to make sure all of our security measures and protocols are fully GDPR-compliant.

Book Like A Boss organizational policies, especially our data security and data privacy policies, cover what is required by the GDPR. Our staff is fully aware of the need for strong data security and privacy practices across the entire company. This is an ongoing process and we see it as a key factor to our success in this project.

Book Like A Boss is documenting and developing all operational procedures required to support an individual’s right to review any of their private data that we store, the right to be forgotten, etc.

We have updated all our data processing agreements in light of GDPR requirements.

The broader topic of data security is a long-term commitment rather than a one-off project. Book Like A Boss remains committed to data security and privacy and we will ensure that our customers are protected in an ever-changing landscape of regulation and real-world threats.