At Digital Samba, we take our customers' security and data privacy seriously. With a global audience to consider, we fully comply with the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU and to companies that do not have any presence in the EU but target the European market or monitor the behavior of European individuals. We are committed to helping our customers be in compliance.
What is GDPR?
As of 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation, commonly known as the GDPR. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad and covers almost any information relating to a specific individual.
When are these regulations starting to be enforced?
All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.
Controllers and Processors
The GDPR defines and distinguishes between two parties and responsibilities when it comes to collecting and processing personal data:
- Data controllers — determines the purpose and ways that personal data is processed. Customers and organizations who use Digital Samba’s services fall under this definition.
- Data processors — processes data for the controller. Digital Samba falls under this definition.
The controller is responsible for ensuring that all processors with whom it deals will be GDPR compliant and the processors themselves must keep records of their processing activities.
What steps were taken by Digitalsamba.com following the GDPR requirements?
- We will always remain committed to our customers and helping them comply with GDPR while using our services to process their data.
- We worked with our engineering, product, security, and legal teams to make both our product and our legal terms line up with the GPDR and will continue to ensure they line up continuously. We have taken the following steps:
- We’ve written it as thoroughly and clearly as possible — making absolutely sure to inform you of the control you have over your personal information and data.
- Inserted opt-in and double opt-in to forms where data is collected.
- We sent an email to all of our contacts in the EU making sure they opted-in to product announcements and blog posts, as well as emails pertaining to executing their contracts with us.
Ease of deleting your data
- We’ve made the process in which your account can be deleted as easy as possible.
- Deletion within the app triggers an automatic removal of your data from our CRM and all corresponding systems, unless otherwise opted-in.
Security and process update
- Reviewed and strengthened our security infrastructure and practices, data encryption in transit and at rest, backup, logs, and security alerts.
- An audit and data mapping process were made to ensure any data that may be stored or processed is done so according to the GDPR instructions.
- We delete or anonymize users' data analytics after user deletion.
- We’ve reviewed and put the appropriate contractual terms in place to perform our role as a data processor for our customers while complying with the GDPR.
- We’ve put in place all the internal procedures, processes, controls, and team training to keep up with our compliance.
- All information pertaining to how we process data—information similar to a Data Processing Agreement (DPA)—is viewable in our Customer Agreement.
- The Customer Agreement also outlines customer expectations to lawfully use our products and services.
We’ll continue to monitor the guidance around GDPR compliance and ensure that our product and processes comply with these guidances when they become effective.
Does the GDPR prevent a company from storing data outside of the EU?
Nothing in the GDPR prevents businesses from storing data outside of the EU, as long as the data processor sticks to the necessary regulations and protections.
Where can I learn more about GDPR?
Additional information is available on the official GDPR website of the European Union.
I have more questions. Who should I contact?
If you have any additional questions about the GDPR you can contact us at email@example.com or through our Contact Page.