In 2016, the European Commission approved the new General Data Protection Regulation (GDPR). GDPR regulates the processing of personal data about individuals in the European Union, including how that data is collected, stored, transferred and used. The concept of "personal data" is defined very broadly, and covers any information relating to an identified or identifiable individual — anything from their name and email to potentially their online IP address.
GDPR gives people more rights and control over their data, including the right to be forgotten or the right to request a copy of any personal data you have collected about them. GDPR also requires organizations to implement appropriate policies and security controls to protect personal data, keep detailed records on data activities, and enter into written agreements with vendors that process personal data on their behalf.
GDPR applies to any organization that processes personal data of individuals in the European Union, including tracking their activities online. If your website accepts visitors or customers from the European Union, you are most likely impacted by this law. Under the GDPR, authorities can fine organizations up to €20 million or 4% of the company's global revenue, so the stakes for compliance are high.
No. A company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU. We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to satisfy this requirement, and also offer a Data Processing Addendum (DPA) to customers that require it.
As our servers are located in the United States, we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, a mechanism that had been approved for cross-border transfer of personal data under the Data Protection Directive and expected to apply under GDPR as well.
As a Data Controller, you may need to respond to requests from users to receive a copy of their personal data, amend that data, delete that data, or stop processing their data. We will work with you to respond to these requests within the required time frames.
We have added new features to your People Explorer tool to help you locate all the data you have collected about a person, export all of that data on request, or delete it all easily.
As a user of Improvely, you should:
Here are some resources we think you may find useful: