What is the GDPR?
The General Data Protection Regulation (GDPR), effective 25 May 2018, is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU). The GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.
Who does the GDPR apply to?
The GDPR not only applies to organisations located within the European Union (EU) but it also applies to organisations located outside of the EU if they offer services to, or monitor the behaviour of, EU data subjects. If you are sending email campaigns to individuals located in the EU, the law applies to you. And as we send email campaigns to individuals located in the EU on your behalf, the GDPR applies to us too.
Does Concep comply?
Yes, as a data processor, we will comply with the GDPR and have already put in place the necessary policies and processes to ensure compliance before 25 May 2018. We have updated our Terms and Conditions to reflect the GDPR requirements for processors, including a version which contain the Standard Contractual Clauses (also known as Model Clauses) that ensure an adequate level of data protection is in place to transfer personal data outside of the EU if required to provide certain services.
For further information on how we comply with specific GDPR requirements, please refer to the following sections of the updated Concep Terms & Conditions and Concep Security documentation:
- Data Protection: Section 7 of Concep Terms & Conditions 2018
- Data Processing Information: Schedule 1 of Concep Terms & Conditions 2018
- Security measures: https://www.concep.com/solutions/information-security/
- Concep Information Security Policies: Concep Group Limited - CCISP v3.1 (Available on request)
- Data Breach Communication: Concep Incident Response Plan v1.7 (Available on request)
In addition, we will assist with client requests that may result from the expanded rights of EU individuals (e.g. right of access, right to rectification, restriction of processing, right of erasure/right to be forgotten, data portability, object to the processing, and right not to be subject to automated decision making)
- In many cases, you may be able to access the requested data from within your own account, see https://support.concep.com/hc/en-us/categories/360000236593-GDPR
- Where this is not possible, we will provide additional assistance
- Please direct all requests to firstname.lastname@example.org
Please note: The above information is not a substitute for legal advice. We strongly recommend you seek your own legal counsel regarding GDRP compliance for your organisation.