Complying with the EU General Data Protection Regulation
What is GDPR
In 2012, the European commission began the process of reforming current data protection rules to make them more relevant to todays world, more comprehensive to cover a wider range of data coverage with the aim of achieving a more standard approach to data protection across the whole EU. The new regulations were adopted in 2016 and will take effect for all business operating in the EU on the 25th of March 2018.
General Data Protection Regulation (GDPR) means more obligations on businesses and gives you further rights surrounding how data is stored and used about you.
How has SimpleKPI provided data processing in the past
From the very beginning SimpleKPI has held your data and privacy in the highest regard. To this end we have never shared any aspect of your personal or account data with any third parties. In addition, we do not use any of your personal data for generating statistics for any type of bench marking features. We have always believed that your data has always been your data and we would have no right to leverage that data for any other purpose other than to provide SimpleKPI and its supporting services to you.
What changes with GDPR
For most companies GDPR means that they will need to make significant changes to the way they use and protect customer date, but at the same time it’s a great opportunity for companies to bring their current data processing activities up to date and ensure that customer data is adequately protected.
GDPR requires organizations to demonstrate how they comply with data protection requirements. This means providing additional documentation of processes and procedures surrounding data processing.
Enhanced rights for EU citizens
In addition to the existing rights of customers data in the EU, GDPR builds upon those rights by introducing new data protection rights for individuals including the right to erase data and the right to reuse data across different services.
Privacy built in
GDPR brings the idea of privacy across all aspects of data processing to the forefront of product design. Ensuring that privacy should be considered from the initial design stage through the entire product life cycle.
What have we done:
Additional Changes include:
- Clearer and easier to understand Privacy and Terms.
- Additional detail on storage, protection and data processing
- Easier processes for deleting trials and accounts and their associated data.
- Instant download tools for data
- Updated our internal processes with regards to data access.
- We conducted an in-depth data mapping exercise tracking how we use customer data across the application and support services.
- We created a GDPR data compliance document and agreement available here
Where does SimpleKPI Store Data?
All data storage and hosting is provided by Microsoft Azure data centers, this handles all of the backups and redundancy, – in addition it means that it is replicated in a huge cluster, with every part of the system having multiple redundancy, backups are made throughout the day and stored for a rolling 30 days period.
The Azure platform has a multitude of data centers around the world where data is replicated, for security Microsoft do not publish the precise location.
How does SimpleKPI comply with EU data export restrictions?
SimpleKPI does not export any EU citizen data to external data centers outside of the EU. This includes identifiable personal data such as Names and Email Addresses.
What security measures do we have in place to protect data?
SimpleKPI is PCI DSS certified, it is hosted and maintained on Microsoft Azure and follows strict security processes and procedures. This includes Multi Factor Authentication, Data encryption, Storage Account Keys, Anti Malware.
More on Azure Security can be found here:https://www.microsoft.com/en-us/trustcenter/security/azure-security
What if there is a security breach?
Any notification from Microsoft to a data breach is issued to any effected accounts within 2 hrs, detailing the date, and type of data, including any additional information passed to us by Microsoft.
GDPR Data Processing Agreement