Maropost has always been committed to upholding data processing standards and best practices. With prior Privacy Shield and ISO 27001 certification, Maropost was already in line with several key requirements introduced by the European Union's General Data Protection Regulation (GDPR). With GDPR taking effect on May 25, 2018, we have ensured that Maropost not only meets but exceeds GDPR standards. We have also ensured that our platform provides the tools our clients need to achieve compliance.
While this page is not a complete resource for achieving GDPR compliance, we wanted to give our clients an easy way to access and understand some of the basic tenets of GDPR. For a full understanding and to guarantee compliance, consult your legal counsel.
1. What is GDPR?
The General Data Protection Regulation is a set of rules for the processing and protection of personal data, which took effect on May 25, 2018.
2. Why Was GDPR Introduced?
Acting as a replacement for the Data Protection Directive, GDPR was created to give better data access and protection to individuals in the EU—with a focus on consent for data collection, storage, and usage.
3. Who Does GDPR Impact?
GDPR impacts any organization that is operating in the EU, selling its products or services to EU consumers, or collecting personal data on individuals in the EU. Whether your organization is acting as a controller (the entity determining how and why personal data is used) or a processor (the entity processing personal data on the controller's behalf), you will need to comply with the GDPR framework.
4. What is Considered Personal Information?
Personal information is anything that could be used to directly or indirectly identify a person (the "Data Subject"). Some examples include:
5. What are the Main GDPR Requirements?
Stronger consent conditions
Under GDPR, companies need to be clear and upfront with contacts about what they are consenting to, while also making it as easy to withdraw consent as it was to give it.
Breach notification
Within 72 hours of becoming aware of a personal data breach, organizations must notify the relevant supervisory authority. Where the breach is likely to result in a high risk to the individuals concerned, those individuals must also be notified without undue delay.
Right to access
One of the central tenets of GDPR is data access for consumers. GDPR-compliant companies must allow their contacts access to information on how, where, and why their data is being used—and also provide a free electronic record of their personal data.
Right to be forgotten
With the introduction of GDPR, consumers can request that organizations which hold their data erase it and cease using it.
Data portability
Consumers can also request a copy of their personal data in a commonly used, machine-readable format so that they can transfer it to another controller.
Privacy by design
GDPR requires organizations to build data protection into their systems and processes from the outset, rather than treating it as an add-on or afterthought.
Data Protection Officers
Appointing a Data Protection Officer is not a universal requirement, but public authorities, organizations engaging in large-scale systematic monitoring of individuals, and organizations engaging in large-scale processing of sensitive personal data are required to appoint one.
6. What Are The Penalties for Non-Compliance?
Companies failing to comply with GDPR face significant fines, with the harshest possible penalty being €20 million or 4% of the company's annual global turnover, whichever is higher.
What You Can Do
What Maropost is Doing
Maropost is committed to continually improving our data practices, ensuring our compliance as your data processor.