What is GDPR?
GDPR is an EU-wide privacy and data protection law that regulates how EU residents’ data is protected by companies and enhances the control the EU residents have, over their personal data.
The GDPR is relevant to any globally operating company and not just the EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide. GDPR has taken effect from 25th May 2018.
What is personal data?
Any data that relates to an identifiable or identified individual. GDPR covers a broad spectrum of information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data extends beyond a person’s name or email address. Some examples include financial information, political opinions, genetic data, biometric data, IP addresses, physical address, sexual orientation, and ethnicity.
How prepared is Apostle for GDPR?
We have acted on many fronts to adhere to this new regulation.
- We have raised awareness across the organization through frequent discussions in our internal channels, and trained employees to handle data appropriately. They now understand the importance of information security and the high standards set by GDPR.
- We have assessed all Apostle products, individually, against the requirements of the GDPR and have implemented new features that will give you more control over your data and ease your burden of achieving GDPR compliance.
- We have assessed our sub-processors (third party service providers, partners) and streamlined the contract process with them to ensure that they have addressed the pressing needs of the current security and privacy world.
- We have appointed internal privacy employees for all our teams.
- Our application teams have embraced the concept of privacy by design and have provided you more control over the data you store in our systems. These provisions may vary based on a product’s characteristics and domain. We constantly endeavour to provide you with more enhancements, which shall be rolled out in phases.
- We have amended our Data Processing Agreement (based on Model Contractual Clauses) to be compliant with the data processing requirements of GDPR. Upon request, we will share the revised Data Processing Agreement to enable you to be compliant with your GDPR obligations.
If you are the organization administrator and would like to sign a DPA with us, please contact us for more information.
- We conducted internal audits of our products, processes, operations, and management. The findings were communicated to our teams, who have worked out the solutions to the identified problems.
- We have cleaned up our databases to ensure that we have only the latest and most accurate information. This cleanup process includes removing terminated and dormant accounts.
- When needed, breach notifications will be done according to our internal Privacy Incident Response policy. Customers will be notified of a breach within 72 hours after Apostle becomes aware of it. For general incidents, we will notify users through our blogs, forums, and social media. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address).
- We have revised our policy to incorporate the requirements of the applicable privacy laws based on our data inventory, data flows, and data handling practices.
Like what you see?
Apostle Connect is free for 30 days.Try for 30 days