SpamHero has always taken data protection very seriously and therefore needed to make relatively few changes operationally to meet the requirements of the EU General Data Protection Regulation (GDPR). We are pleased to announce that we completed the steps necessary for companies of our size to achieve compliance before the May 25, 2018 deadline. Some of the things we did to comply with the GDPR are:
To fulfill the requirements of GDPR Article 27, we have appointed a GDPR representative in the EU. The contact information for this representative is published in our new privacy policy.
In accordance with Article 28 of the GDPR, we have prepared a data processing addendum. Clients that are seeking to be GDPR compliant themselves, may send a request to privacy@isparks.com to receive the addendum that must be signed and returned to us to become binding.
In accordance with Article 30, we have completed a Record of Processing Activities and have provided a copy to our GDPR representative.
To further show our commitment to data privacy and security, we have completed the steps required for the EU-US Privacy Shield and Swiss-US Privacy Shield self-certification. You can learn more about the safeguards of the EU-US Privacy Shield on the the European Commission website. You can look up our certification on the PrivacyShield.gov website.
GDPR compliance is not a "do once and you're done" type of thing. We will be conduct an annual GDPR audit to identify areas where we can improve and continue to monitor updates to the GDPR.
If there are specific things that SpamHero can do to assist you in your GDPR compliance efforts, please contact our support team and let us know.