SpamHero has always taken data protection very seriously and therefore needed to make relatively few changes operationally to meet the requirements of the GDPR. We are pleased to announce that we completed the steps necessary for companies of our size to achieve compliance before the May 25, 2018 deadline. Some of the things we did to prepare for this deadline are:
- GDPR gap analysis. We identified the requirements that applied to us and the tasks that we were required to complete.
- In accordance with Article 28 of the GDPR, we have prepared a data processing addendum. Clients that are seeking to be GDPR compliant themselves may send a request to firstname.lastname@example.org to receive the addendum, which must be signed and returned to us to become binding.
- In accordance with Article 30, we have completed a Record of Processing Activities and have provided a copy to our GDPR representative.
- Because our servers are located in the US, we have completed the steps required for the EU-US Privacy Shield and Swiss-US Privacy Shield certifications. The Privacy Shield provides the appropriate "safeguards" for transfers of data outside the EU as required by Article 46 of the GDPR. You can learn more about the safeguards of the EU-US Privacy Shield on the European Commission website. We are now Privacy Shield certified and you can look up our certification on the PrivacyShield.gov website.
That being said, GDPR compliance is not a "do once and you're done" type of thing. We will be conducting an annual GDPR audit to identify areas where we can improve. We have already identified some areas that meet GDPR requirements, but where we can do even better, and so we will be making some additional changes.
If there are specific things that SpamHero can do to assist you in your GDPR compliance efforts, please contact our support team and let us know.
Tip: This page is not intended to provide legal advice on the GDPR. Please seek professional legal advice to ensure your company is meeting the requirements of the GDPR. You may also read the full text of the GDPR online. (Note: This link is not the official GDPR website and is maintained by a third party provider that we are not affiliated with. We just like the way they formatted the regulations.)