ABOUT GDPR, General Data Protection Regulation

Effective May 25, 2018.

What is GDPR?

The General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy.

GDPR was adopted in April 2016 by the EU Parliament and will be effective on May 25, 2018.

The scope of GDPR is any processing of Personal Data from EU data subjects.
This means increased Territorial Scope (extra-territorial applicability). Indeed, GDPR applies to all organizations processing the personal data of data subjects residing in the European Union, regardless of the company’s location. In other words, a company based outside of the EU but processing personal data of EU residents will be required to abide by GDPR.

All EU organizations, and any international company processing data from EU citizens, that are not compliant by the due date may face heavy fines of up to 4% of annual global revenues or €20 million (whichever is greater).

These rules apply to both Data Controllers (the company which owns the data, i.e. you, the Accengage customer) and Data Processors (the company which processes data on behalf of the Data Controller, i.e. Accengage).

Disclaimer: this web page was created to help you understand the new legislation and to illustrate how Accengage has taken action. Please bear in mind that the content of this web page is not legal advice and must not be used to determine whether or not your company is GDPR compliant. Accengage strongly recommends that you consult a specialized lawyer on the subject of GDPR.

The 7 Principles of GDPR

Lawfulness, fairness and transparency

Information and consent.

Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject. Data subjects must take a positive action to give consent and have to be told what their personal data will be used for.

Purpose limitation

Specified, explicit and legitimate.

Personal data may only be collected for specified, explicit and legitimate purposes and must not be used for new, incompatible purposes. Organizations must also implement measures restricting further processing beyond the specified purpose.

Data minimization

Relevant data only.

Personal data must be adequate, relevant and limited to the specific purposes for which those data are processed, meaning only the data strictly necessary for the purpose shall be collected by a company.

Accuracy

Keeping data up to date.

Personal data must be accurate and, where necessary, kept up to date. Companies have to take every reasonable step to ensure that inaccurate personal data are either erased or rectified without delay.

Storage limitation

The right to be forgotten.

Personal data shall not be retained for longer than is necessary for the purposes for which the personal data were collected and processed. There are specific provisions for the storage of data for historical, statistical or scientific purposes and when archiving data is in the public interest.

Integrity and confidentiality

Keeping data secure.

Personal data must be processed in a manner that ensures appropriate security of those data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures. Controllers are responsible for keeping the collected data secure, from both external and internal threats.

Accountability

The controller is responsible.

The controller is responsible for, and must be able to demonstrate, compliance with the Data Protection Principles. The European GDPR requires companies to be proactive and to document their approach to compliance. The new role of a Data Protection Officer is part of this principle.

Rights of the Data Subjects

Right to be informed

Your users need to be told what data are collected about them and for what purpose. They should give their clear consent.

Right of access and portability

Your users may request to have access to their data which they can use for their own purposes across different services.

Right to Rectification

Your users have the right to rectify their personal data if it is inaccurate or incomplete. The time frame to rectify is one month.

Right to Erasure and to Object

Your users may request that their personal data be deleted and no longer collected or processed.

It is important to obtain the consent of your users on a legal basis to process their data.
Accengage provides you with the methods (SDK, API, manual) to help you fulfill the rights of your users with regard to the EU General Data Protection Regulation.

Our Steps Towards GDPR Compliancy.

We help you be GDPR compliant.

As the European leader for Push Notifications, Accengage has always undertaken ‘European-standards’ measures to maintain a high level of data protection, user privacy and software security. As a consequence, we help you comply with GDPR requirements.

Nomination of the Accengage Data Protection Officer (DPO).

Accengage has appointed a Data Protection Officer who coordinates all our internal steps, ensuring a smooth implementation of the new legislation. As part of this role, our DPO has worked with our legal counselor specialized in IT digital rights, defined our action plan, worked on our internal guidelines, trained the Accengage staff and will conduct regular audits to ensure our compliance with GDPR.

Review of Data Mapping.

During the past few months, Accengage has carried out a detailed mapping of the data we process. This has been documented internally, making sure the processing of personal data respects the legal obligations arising from the enforcement of the General Data Protection Regulation.

Review and Update of our Technical & Security Measures.

Audits and penetration tests were performed in order to protect and minimize user data, hence respecting the principles of data protection by design and data protection by default. The measures include a review of data flow security, an update of purge rules, an obligation to have push certificates secured with a password, and more.

Review and Update of our Internal Processes.

Accengage has implemented internal processes guaranteeing a high level of personal data protection at all times, taking into account all events which could occur when processing data: breach, managing requests for data access, staff training and more.

Documenting Compliance.

All actions put in place and documents created or updated with regard to the General Data Protection Regulation are collected, examined and updated regularly to ensure that we comply: Terms and Conditions, Data Processing Agreement and more.


Do you have more questions regarding GDPR and Push Notifications?

Download our White Paper!

Discover our White Paper dedicated to the new European data protection regulation, intended to help you understand the essentials you should know and explain how the General Data Protection Regulation impacts Push Notifications.

Don’t miss out on this free guide to learn more about GDPR!
