Changes we implemented for GDPR compliance

• We added a Data Processing Amendment to our Terms of Service, as required by the GDPR.
• We appointed a Data Protection Officer to manage our data protection program.
• We have implemented new and appropriate policies and procedures to respond to data user access requests, data deletion requests and governmental access requests.
• We have identified and have begun reviewing our contracts with subprocessors to make sure they are putting in place procedures that meet the GDPR requirements.
• We created and started a Data Protection Impact Assessment process, as required by the GDPR.
• We are delivering training to appropriate staff regarding the key issues related to the GDPR.
• We began the process of applying for approval of Binding Corporate Rules to support our data processing operations.
• We have prepared a detailed register of our data processing activities, as required by the GDPR.