GDPR and Maropost

Maropost has always been committed to upholding data processing standards and best practices. With prior Privacy Shield and ISO 27001 certification, Maropost was already in line with several key policies introduced by the European Union General Data Protection Regulation (GDPR). With the onset of GDPR on May 25, 2018, we have ensured that Maropost not only meets, but exceeds GDPR standards. As well, we have ensured that our platform provides the tools necessary for our clients to achieve compliance.

While this page is not a complete resource for achieving GDPR compliance, we wanted to give our clients an easy way to access and understand some of the basic tenets of GDPR. For a full understanding and to guarantee compliance, consult your legal counsel.

1. What is GDPR?

The General Data Protection Regulation is a new set of rules for the processing and protection of personal data, which will go into effect on May 25, 2018.

2. Why Was GDPR Introduced?

Acting as a replacement for the Data Protection Directive, GDPR was created to give better data access and protection to individuals in the EU—with a focus on consent for data collection, storage, and usage.

3. Who Does GDPR Impact?

GDPR impacts any organization that is operating in the EU, selling its products or services to EU consumers, or collecting personal data on individuals in the EU. Whether your organization is acting as a controller (the entity determining how and why personal information is used) or a processor (the entity processing personal information on the controller’s behalf), you will need to comply with the new GDPR framework.

4. What is Considered Personal Information?

Personal information is anything that could be used to directly or indirectly identify a person or “Data Subject.” Some examples include:

  • Names
  • Photos
  • Email addresses
  • Banking details
  • Posts on social networking sites
  • Medical information
  • Computer IP addresses

5. What are the Main GDPR Requirements?

Stronger consent conditions

Under GDPR, companies need to be clear and upfront with contacts about what they are consenting to, while also making it easy to withdraw consent at any time.

Breach notifications

Within 72 hours of a data breach, organizations will need to notify their contacts.

Right to access

One of the central tenets of GDPR is data access for consumers. GDPR-compliant companies must allow their contacts access to information on how, where, and why their data is being used—and also provide a free electronic record of their personal data.

Right to be forgotten

With the introduction of GDPR, consumers can now request the erasure and cessation of use of their data by organizations who previously had access.

Data portability

Consumers can also request to receive their personal data so that they can transfer it to another controller.

Privacy by design

GDPR requires organizations to build data protection more deeply into their systems, rather than treating it as an add-on or afterthought.

Data Protection Officers

While not a universal requirement, public authorities, organizations engaging in extensive systematic data monitoring, or organizations engaging in extensive processing of sensitive personal data will be required to appoint a Data Protection Officer.

6. What Are The Penalties for Non-Compliance?

Companies failing to comply with GDPR will face significant fines, with the harshest possible penalty being €20 Million or 4% of the company’s annual global revenue.

Achieving GDPR Compliance

What You Can Do

  • Every organization is different; you can only ensure compliance by consulting your legal counsel
  • Read through the regulation documents to familiarize yourself with the GDPR requirements
  • Review and evaluate your current data processing structure, outlining any non-compliant practices or areas requiring new practices
  • Follow up on any suggestions from your legal team, adjusting your plan and processes accordingly

What Maropost is Doing

Maropost is committed to continually improving our data practices, ensuring our compliance as your data processor.

  • GDPR compliant
  • Privacy Shield
  • ISO 27001
  • ISO 9001
  • ISAE 3402
  • PCI-DSS
  • HITRUST CSF