GDPR

 

 

The General Data Protection Regulation (GDPR), the EU’s new privacy law that replaces the Data Protection Directive 95/46/EC, aims to bring order to a patchwork of privacy rules across the EU. GDPR will be enforceable as law in all EU member states on May 25, 2018. If you would like to read the GDPR, please find it here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

The GDPR is European legislation designed to harmonize data protection across the EU. It imposes new regulations for companies to protect consumers regarding data processing, access, and security, in addition to tougher enforcement for breaches of the rules.

The GDPR was created around six core principles for personal data, which hold that personal data should be:

  • Lawfulness, Fairness, and Transparency – Processed lawfully, fairly, and in a transparent manner in relation to individuals.
  • Purpose Limitation – Collected for specified, explicit, and legitimate purposes and not processed beyond those purposes.
  • Data Minimization – Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Accuracy – Accurate and, where necessary, kept up to date.
  • Storage Limitation – Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality – Processed in a manner that ensures appropriate security of the personal data.

The GDPR contains several new protections and threatens significant penalties for non-compliance. In addition, there are new security, recordkeeping, access rights, and notification procedures that companies must implement to ensure compliance. Issues that are attracting particular attention include increased administrative requirements and the need to provide the tools necessary to meet the numerous obligations on both controllers and processors.

GDPR and Kapost

Kapost takes its legal and regulatory obligations seriously. Moreover, we take data privacy and security very seriously. We are constantly working to ensure we collect, process, and share the data we deal with in a lawful, transparent manner.

To that end, we wanted to share with the Kapost community some information about Kapost’s practices and procedures related to data collection and GDPR compliance.

Security

The Kapost platform is packed with enterprise security features that make us the trusted platform for hundreds of companies. Kapost has implemented appropriate technical and organizational measures to satisfy the requirements of the GDPR, to ensure the level of security of personal data is appropriate to the level of risk, and to help ensure the protection of the rights of individuals.

Sub-processors

Hosting

  • Amazon Web Services
  • Heroku

Document Viewing

  • CloudConvert

Email

  • SendGrid

Application Logging

  • Papertrail

 

GDPR Contract Update

Both Kapost (processor) and its customers (controllers) are jointly and separately responsible for certain actions under the GDPR. Therefore, the GDPR requires shared responsibility to protect an individual’s privacy rights. GDPR Article 28 requires that a contract be in place between a controller and a processor. For years, the Kapost Terms and Conditions have provided the fundamental legal requirements and obligations regarding data ownership, confidentiality, processing responsibilities, and more.

However, customers of Kapost who wish to update their agreement with Kapost to include GDPR-specific language may email Kapost at privacy@kapost.com.