How Satisfi Labs complies with GDPR
The EU General Data Protection Regulation (GDPR) sets a new standard for how companies use and protect EU citizens’ data. It took effect in May 2018.
At Satisfi Labs, we worked hard to prepare for GDPR, to ensure that we fulfill its obligations and maintain our transparency about customer messaging and how we use data. We've now completed our GDPR readiness program.
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It's a single set of rules which governs the processing and monitoring of EU data.
Does it affect me?
Yes, most likely. If you hold or process the data of any person in the EU, the GDPR will apply to you, whether you’re based in the EU or not.
How Satisfi Labs prepared for GDPR
Our teams worked hard to ensure we complied with GDPR. This was a massive overhaul of processes and data models to make sure we met our legal obligations, and did the best thing for our customers while still letting us move fast, scale and build great products.
Here are the main things we did to ensure we set up ourselves and our customers to meet GDPR obligations:
We built new features
Our teams built the necessary features to enable our customers to easily meet their GDPR obligations.
Satisfi Labs can help you meet your data portability requirements for GDPR: you can easily export all of your data, or granular subsets linked to an individual, and permanently delete all data linked to an individual user. We also automatically expire visitor data that has not been seen in 9 months, to ensure we comply with GDPR.
We certified for International Data Transfers
The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data.
To comply with EU data protection laws around international data transfer, we self-certified under the EU-US Privacy Shield.
We coordinated with our vendors
We’re reviewing all our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.
We took new security measures
Security is a priority for us. We have regular external audits and pentests. We’ve built a robust security framework and are reviewing our internal access design to ensure the right people have access to the right level of customer data. More details are available on our Security page.
We’ll keep sharing information on our progress, and we’ll also help our customers and prospective customers be compliant. Some steps you can take are:
Get familiar with the GDPR requirements and how they affect your company.
Map out everywhere you process data and carry out a gap analysis.
Look at your product roadmap and think about privacy when you’re planning.
Chat to your lawyer about what your company needs to do.
Keep an eye on the developing guidelines from the GDPR Article 29 Working Party.
For any questions about how we handle GDPR, send an email to firstname.lastname@example.org.