Last updated on 10/03/2023
For that purpose, we considered it important to let you know about the new General Data Protection Regulation (GDPR). The General Data Protection Regulation (GDPR) is a comprehensive privacy and security law that requires organizations worldwide to comply with certain obligations if they collect or target data related to people in the European Union (EU). Approved in 2016, the GDPR went into full effect two years later.
Businesses of all sizes are required to be in compliance with the GDPR, going forward. The GDPR is very broad in scope and can apply to businesses both in and outside of the EU.
Businesses that don’t comply with the GDPR could face heavy fines.
Disclaimer: Please note that EngageBay is offering you this content for informational purposes only, and it should not be relied upon as legal advice. We encourage you to consult legal and other professional counsel to fully understand how GDPR applies to your organization and business activities.
Enforced since May 25, 2018, GDPR replaced the 1995 EU Data Protection Directive and aims to protect individuals and their data, ensuring that data collection is done responsibly. The GDPR applies to anyone dealing with personal data of EU citizens or residents, or providing goods or services to them, regardless of their location.
Essentially, the 1995 Data Protection Directive, also known as Directive 95/46/EC, will now be out of date. There’s no legislation required with the GDPR, which is different from Directive 95/46/EC. Any laws or rules under the GDPR are thus effective immediately.
Those EU member states will follow a single set of rules that mandate they have an independent supervisory authority or SA. This SA is in charge of managing and resolving administrative offenses and complaints.
Companies with a strong business presence across and outside of the EU will rely on a lead authority SA at their main headquarters. This SA becomes a one-stop shop and has all data from said company. There will also be a European Data Protection Board or EDPB that supersedes the Article 29 Working Party.
In all other instances, the GDPR has a data controller, which will oversee cloud service provider data for organizations, processors, and residents within the EU.
These processes are installed so personal data is protected, which is “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address,” by European Commission standards.
The goal of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The GDPR protects the following key rights:
It’s worth keeping in mind that before GDPR, you still had to meet regulations when processing personal data.
GDPR simply means data controllers must make a greater effort to process personal data within the law. They also have to make it clear how data will be processed – and ask for consent. And if there’s a personal data breach, they need to notify the supervisory authorities and data subjects as soon as possible.
Unlike past laws, GDPR also refers directly to data processors – and outlines how they must now comply.
If you have an EngageBay account, you’re the controller of your contacts’ personal data. That’s because you decide why and how their information will be used. And that means you’re responsible and liable under GDPR.
GDPR may apply if you’re a data controller or a data processor:
What is a Data Controller?
A data controller is a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. (See Article 4, GDPR)
What is a Data Processor?
A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. (See Article 4 GDPR)
So, what does this mean?
EngageBay is the controller in relation to your personal data provided to us as a customer. You are the controller in relation to the contact data you upload and use in your EngageBay account.
EngageBay is your processor when we provide our services to you. For example, when facilitating the sending of emails to contacts and providing tools to manage your contact lists, we are acting as a processor on your behalf.
However, please note that it is your responsibility to ensure that you have the necessary notices and/or consents in place in order to transfer personal data to us for use.
In the scenarios listed above, your compliance with GDPR is mandatory.
On the other hand, you probably won’t need to comply if you simply have a website, email address, or other contact details that can be accessed in the EU – and the language is common to your country (and not to any EU member state).
Failure to comply could result in hefty fines. You will definitely want to be sure you’re in compliance ahead of the May 25, 2018 deadline. This is not something you can ignore and you wouldn’t want to put off preparing until the last minute.
EngageBay is GDPR compliant. As a customer of EngageBay, GDPR grants you expanded privacy protections and rights. We will be prepared to comply with these regulations and handle requests from you so that you are also in compliance.
Right to be forgotten – You may cancel and terminate your EngageBay account at any time. After receiving a request to be forgotten, we will permanently delete your account and all data associated with it within 30 days of receiving the request.
Right to portability – If requested, we will export your data so it can be transferred to a third party. You’re able to do this now.
Right to object – At any time, you may object (via opt out) to your personal data being used for specific purposes such as direct marketing, research, etc.
GDPR grants expanded privacy protections and rights to your customers. EngageBay’s GDPR compliance program will help you comply with requests you receive from your customers.
Right to rectification – You can update your contact’s information at any time. Your contacts can reach out to EngageBay directly and we’ll correct or delete that information for them.
Right to be forgotten – If you receive a request to be forgotten, you’re able to delete a contact, which permanently removes his or her information from your account. If your contact reaches out to us directly with a valid request, we’ll notify you about the request and delete the contact’s data from your account, or across all EngageBay accounts, if requested, in order to comply with GDPR.
Right to portability – If your contact requests their personal data, you can export their data as a .csv file, which we will make available to you via a secure connection.
In addition, we are reviewing and updating, as necessary, our agreements with you and with our subcontractors (to include the necessary GDPR terms), as well as notices, policies and internal processes, features, and templates to assure our compliance and help you achieve compliance.
We are also certified with the DPF and we have what is considered "adequate privacy protection for the transfer of personal data outside of the EU and Switzerland".
On 10 July, 2023, the European Commission adopted its adequacy decision for the Data Privacy Framework. The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU – for personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework.
The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
For any questions, feel free to write to us at: firstname.lastname@example.org