TextMagic Commitment to the GDPR
The GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council) is an important piece of legislation that is designed to strengthen and unify data protection laws within the European Union.
The most up to date TextMagic documents
What is TextMagic doing about the GDPR?TextMagic began to dedicate internal resources to the implementation of GDPR in its activities in September 2017. We did this because we value our customers (and their customers) rights to privacy. Compliance with and to international law and regulations are very important to us.
Here’s a condensed version of our GDPR roadmap and where we are on our journey:
|Thoroughly research the areas of our product and our business impacted by GDPR.||COMPLETED|
|Appoint a Data Protection Officer.||COMPLETED|
|Develop a strategy and requirements for how to address the areas of our product impacted by GDPR.||COMPLETED|
|Rewrite our Terms of Service to be compliant with GDPR.||COMPLETED|
|Pass the data protection audit and get the official confirmation letter of TextMagic’s full GDPR compliance.||COMPLETED|
|Perform the necessary changes/improvements to our product based on the requirements.||COMPLETED|
|Implement the required changes to our internal processes required to achieve compliance with GDPR.||COMPLETED|
|Thoroughly test all of our changes to verify and validate compliance with GDPR.||COMPLETED|
|Finalize and communicate our full compliance.||COMPLETED|
I’m new to the GDPR and would love more details on itThe GDPR is considered to be the most significant piece of European data protection legislation to be introduced in the European Union in 20 years and will replace the 1995 Data Protection Directive 95/46/EC. The GDPR regulates the processing of personal data of individuals including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”). The GDPR gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached. The GDPR enhances individuals’ privacy rights and places significantly enhanced obligations on organizations handling data. In summary, here are some of the key changes to come into effect with the upcoming GDPR:
- Expanded rights for individuals: The GDPR provides expanded rights for individuals by granting them, amongst other things and subject to certain conditions, the right to be forgotten, the right to request a copy of any personal data stored in their regard, the right to request data portability.
- Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
- Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
- Increased enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
Frequently Asked Questions
What is the GDPR?
The General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union in 20 years and will replace the 1995 Data Protection Directive 95/46/EC. The GDPR enhances individuals’ privacy rights and places significantly enhanced obligations on handling data.
What does the GDPR regulate?
The GDPR regulates the processing of a data subject’s personal data located in the European Union and/or by a data processor located in the European Union including collection, storage and transfer or use of personal data. The GDPR gives data subjects more rights and control over their data by regulating how organizations should handle and store any personal data they collect.
When do we need to comply with the GDPR?
As of the 25 May 2018, we need to be compliant with the provisions of the GDPR.
What rights will data subjects have under GDPR?
The GDPR grants eight fundamental rights to data subjects. These are:
- Right to be informed – Entities must be transparent in how they are using personal data and must inform data subjects of this.
- Right of access – Data subjects will have the right to know what personal data is held about them and how it is processed.
- Right of rectification – Where reasonably possible, data subjects will be entitled to have personal data rectified/edited if they feel that it is inaccurate or incomplete.
- Right to erasure – This is also sometimes referred to as ‘the right to be forgotten’, Here, data subjects have the right to have their personal data permanently deleted upon their request and they do not have to provide a reason for the request.
- Right to restrict processing – Data subjects have the right to block processing of their personal data.
- Right to data portability – Where reasonably possible, data subjects have the right to retain and reuse their personal data for their own purpose.
- Right to object – In certain circumstances, data subjects are entitled to object to their personal data being used. This includes, if personal data is used for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
Who does the GDPR apply to?
The provisions of the GDPR apply to any entity located in the European Union, regardless where the processing of personal data occurs, and to any entity that processes personal data of individuals located in the European Union, including tracking their online activities, regardless of whether the entity has a physical presence in the EU.
We are based in the UK. Do we still need to comply due to Brexit?
Yes! The UK government has confirmed by now that the GDPR principles shall be applicable in UK even post-Brexit.
What happens if we don’t comply with the GDPR?
Lack of compliance can result in fines of up to 4% of annual global turnover or €20 Million (whichever is largest) for breaching the GDPR.
Do we need to appoint a Data Protection Officer?
As we engage in large scale systematic monitoring of personal data, we have made the decision to appoint the Data Protection Officer.
What is the difference between a Data Processor and a Data Controller?
A Data Controller represents the entity that determines the purposes, conditions and means of the processing of personal data. The Data Processor is the entity which processes personal data on behalf of the controller. In your entity’s relationship with TextMagic, you are the Data Controller of your end user’s personal data (assuming you are capturing some) and TextMagic is the Data Processor.