GDPR Simplified & How CaféX is Ensuring Compliance in 2018

By Rob Hill - March 21, 2018

Hello readers and welcome to my second blog post.

I wanted to provide you with a quick update on the EU GDPR initiative and what CaféX is doing to ensure we are compliant with the new regulations.

A full update will be published in the coming months as we move closer to the May 25th deadline but, in the meantime, below are some answers to FAQs regarding GDPR. Also, here's a link to CaféX Communications' Information Security Whitepaper.


What Is GDPR?

Everyone has heard of GDPR but what is it and what does it mean?

The General Data Protection Regulation (GDPR) is built upon the much older Data Protection Act 1998 (DPA) and is seen as a refresh of its views on the privacy requirements of personal and sensitive data. The original DPA was created 20 years ago when technology was in its infancy and much of the technology we have today simply didn’t exist then. E.g. 10 years ago there was no understanding of an IP address linking to a personal identity. Thus, GDPR has been introduced to ensure that all companies - no matter what size - take the protection of personal and sensitive data seriously.

The GDPR comes into force on the 25th of May in 2018 (just over 2 months from now) for any and all companies around the world which process data on or on behalf of EU citizens.

How will GDPR work?

Is GDPR only an EU (European Union) thing? NO, here’s a simple example of a typical scenario where the GDPR would apply globally: John Smith is on the marketing list of “Global Corporation” that is based in the US. However, John lives in France but has somehow ended up on a product marketing list (e.g. visited a US event or from an internet search result) for this US company. He is a French/EU citizen and, under GDPR, your company requires consent in order for him to keep receiving emails.

Meanwhile, if a given company or organization does not process any data of any person within the EU, then the GDPR does not apply to that company or organization.

GDPR revolutionizes the way we think about personal data/communications, and global companies will have to take into account actual end user location, not just online published locations.

How will CaféX ensure GDPR compliance?

Behind the scenes, the CaféX Information and Security team has been very busy preparing for the GDPR to ensure that our customers’ data is protected and that we remain compliant across our full range of products and services.

We have set up a dedicated compliance programs page which can be found here - https://compliance.cafex.com/en/compliance-security/compliance-programs/ - along with GDPR-specific compliance information here - https://compliance.cafex.com/en/compliance-security/eu-gdpr/

For any questions relating to GDPR, subject access or right to be forgotten requests, please email us - compliance@cafex.com - and/or visit our complete website on Compliance and Information Security: https://compliance.cafex.com.

To find out more about the security of our platform and products, please contact us; we would love to hear from you.