How we’re preparing for GDPR
Posted on May 21, 2018 by Jason Kaehler, CEO
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
To whom does GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
What implications does GDPR have for organizations processing the personal data of EU citizens?
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely.
Organizations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organizational measures, as well as compliance policies.
What data are we collecting from you?
Feedback and correspondence
How do we use your personal data?
(a) operate, maintain, administer and improve the services;
(b) send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages;
(c) respond to your service-related requests, questions and feedback;
(d) monitor and analyze trends, usage, and activities in connection with our website, services and for marketing or advertising purposes;
(e) personalize our website and services, including by providing features or advertisements that match your interests and preferences; and
(f) for other purposes for which we obtain your consent.
You may be entitled to:
opt out from processing of your personal Information for direct marketing purposes;
request information regarding the processing of your personal Information, including to be provided with a copy of your personal data;
request the correction and/or deletion of your personal Information, or object to the processing of your personal Information;
request the restriction of the processing of your personal Information;
request receipt or transmission to another organization, in a machine-readable form, of the personal Information that you have provided to us; and
complain to your local data protection authority, or to a court of law, if your data protection rights are violated. You may be entitled to claim compensation for damages or distress incurred or suffered as a result of unlawful processing of your personal Information.
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. Check out our Security Page for more details.
List of Data Subprocessors
Welcome to the Asylum Labs Subprocessor repository page, where we maintain a current list of Subprocessors authorized to process customer data for Asylum Labs services. Asylum Labs imposes data protection terms with each Subprocessor regarding their security controls and applicable regulations for the protection of personal data.
Entity Name, Entity Location
Mail Chimp, USA
What has Asylum Labs prepared for GDPR?
2. Coordinate with our partners
All vendors are required to sign an EU Data Protection Agreement prior to working with us. This document addresses common requirements concerning Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement of the Personal Data with respect to the vendor’s Personal Data. Any vendor has the right to terminate its working relationship with us and request the deletion of Personal Data pertaining to them.
3. Educate Asylum Labs employees
Our team is educated on changes related to GDPR and other data handling practices so all employees understand our security standards and commitment to privacy for our users.
4. Take security measures
We take a holistic, risk-based approach to security. This means the platform secures your data in transit and at rest, restricts and secures data access, and provides continuous incident monitoring.
Any third-party service providers that are utilized by us will only be given access to Your Account and Service Data as is reasonably necessary to provide the Service and will be subject to their implementing and maintaining compliance with appropriate technical and organizational security measures. Check out Asylum Labs Subprocessor List for more information.
5. Prepare Data Processing Agreements (DPAs)
Our Data Processing Agreements have been updated. For more information on how customers can enter into it, contact Asylum Labs at firstname.lastname@example.org.
6. Certify for International Data Transfer
Transfers of personal data outside the European Economic Area (EEA) are permitted as long as certain safeguards apply. Our customer DPA contains the EU Model Clauses, which are industry standard for data safety. This means that we agree to protect any data originating from the EEA in line with European data protection standards.
7. Prompt breach notifications
In line with our current policies, we will promptly inform you of any incidents involving your users’ personal data.
We look forward to continuing to build on our commitment to data security and privacy. If you have any questions about how GDPR affects you as a customer, our support team is happy to help.