Complying with the EU General Data Protection Regulation

What is GDPR?

The European Commission started revamping data protection rules in 2012 to suit present-day needs. As part of this initiative, they made the regulations more exhaustive to include a wider range of data and standardized data safety practices across the EU. The updated rules were agreed upon in 2016, and they will come into effect on the 25th of March 2018 for all EU-based businesses.

The General Data Protection Regulation (GDPR) places more obligations on businesses and gives you further rights over how data about you is stored and used.

The main objectives of GDPR are to:

  1. Strengthen the security and protection of personal data.
  2. Harmonise data protection laws across the European Union.
  3. Give people more control over how their data is used.
  4. Increase accountability to ensure that companies take responsibility for complying with data protection regulations.

GDPR applies to any business or organization operating within the EU that collects, stores or processes personal information from individuals in the EU. It also applies if your organization offers goods or services to individuals in the EU, even if you’re not based there. This means most businesses outside of Europe must comply with GDPR when dealing with individuals in the European Union.

GDPR requires organizations to adopt a range of measures to ensure the security and confidentiality of personal data, including:

  • Implementing appropriate technical and organizational measures.
  • Providing clear information on how data is collected, used, stored and shared.
  • Having processes in place for dealing with any requests from individuals about their data.
  • Ensuring that all employees are aware of their obligations when handling and processing personal data.
  • Carrying out regular reviews to ensure compliance.
  • Reporting any breaches immediately.

How has SimpleKPI provided data processing in the past?

From the very beginning, SimpleKPI has held your data and privacy in the highest regard. To this end, we have never shared any aspect of your personal or account data with any third parties. In addition, we do not use any of your personal data to generate statistics for any type of benchmarking feature. We have always believed that your data is your data, and that we have no right to leverage it for any purpose other than providing SimpleKPI and its supporting services to you.

What changes with GDPR?

For most companies, GDPR means significant changes to the way they use and protect customer data. At the same time, it is a great opportunity for companies to bring their current data processing activities up to date and ensure that customer data is adequately protected.

Demonstrating Compliance

GDPR requires organizations to demonstrate how they comply with data protection requirements. This means providing additional documentation of processes and procedures surrounding data processing.

Enhanced rights for EU citizens

In addition to the existing rights of customers in the EU over their data, GDPR introduces new data protection rights for individuals, including the right to have data erased and the right to reuse data across different services.

Privacy built in

GDPR brings the idea of privacy across all aspects of data processing to the forefront of product design: privacy must be considered from the initial design stage through the entire product life cycle.

What we have done:

We've updated our Privacy Policy to reflect the changes we've made to protect and strengthen your privacy rights. This includes more clarity on how we store and use your data.

Additional Changes include:

  • Clearer and easier to understand Privacy Policy and Terms.
  • Additional detail on storage, protection and data processing.
  • Easier processes for deleting trials and accounts and their associated data.
  • Instant download tools for your data.
  • Updated internal processes with regard to data access.
  • An in-depth data mapping exercise tracking how we use customer data across the application and support services.
  • A GDPR data compliance document and agreement, available here.

Where does SimpleKPI Store Data?

All data storage and hosting is provided by Microsoft Azure data centers, which handle all backups and redundancy. Data is replicated across a large cluster, with every part of the system having multiple redundancy; backups are made throughout the day and stored for a rolling 30-day period.

The Azure platform has a multitude of data centers around the world where data is replicated; for security reasons, Microsoft does not publish the precise locations.

How does SimpleKPI comply with EU data export restrictions?

SimpleKPI does not export any EU citizen data to external data centers outside of the EU. This includes identifiable personal data such as names and email addresses.

What security measures do we have in place to protect data?

SimpleKPI is PCI DSS certified. It is hosted and maintained on Microsoft Azure and follows strict security processes and procedures, including multi-factor authentication, data encryption, storage account keys and anti-malware.

More on Azure Security can be found here:

What if there is a security breach?

Any notification from Microsoft of a data breach is passed on to all affected accounts within 2 hours, detailing the date and the type of data involved, together with any additional information passed to us by Microsoft.

Additional Information
GDPR Data Processing Agreement
