We’re just a few months away from mandatory compliance with GDPR. The European General Data Protection Regulation (GDPR) replaces the EU National Data Protection legislation and is due to take effect in May 2018. The GDPR is a new regulation to protect personal data of EU citizens. It affects all organizations (even outside of the EU) that process data of EU citizens.
In our previous article “Preparing for the GDPR”, we shared some resources for learning more about the GDPR. In this article, we’ll share what we’re doing to comply with the GDPR.
Is Status.io GDPR compliant?
Yes. Status.io is GDPR compliant.
We are a “processor” and we are required to have a data processing agreement (DPA) in place for each client. If you don’t already have a DPA, it’s easy to create one with us by contacting support.
GDPR-Specific Data Compliance
Personal data is stored in various locations, including the United States, Canada, Ireland and Australia.
Personal data we collect: email address, SMS address, IP address.
Personal data is processed through Amazon Web Services (AWS) and Twilio for email and SMS message delivery. DPAs are in place with each processor.
To comply with the Conditions for Consent (GDPR Article 7), subscribers must opt in to sign up to receive status notifications.
A subscriber can remove themselves and delete all data associated with their subscription. This is a requirement for the Right to Rectification and Erasure (GDPR Article 16).
In accordance with the Right to Restriction of Processing (GDPR Article 18), any person can request to never be processed through our system.
Additional Data Protection and Privacy Documents
At Status.io, we always treat personal data with care and respect. And we’re always looking for ways to improve our security and protections for data.