The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It will take effect from the 25th May 2018. The Mediarails team is working hard to ensure our full compliance by this date.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. For EU residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. Once the GDPR takes effect on the 25th of May, it will replace the 1995 Data Protection Directive.
Does this affect me?
The GDPR applies to any EU resident’s data, regardless of where the processor or controller is located. This means that if you’re using Mediarails from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration.
Data Processing Addendum
Mediarails, Inc is in most cases a data processor. As a data controller, under Article 28 of the GDPR, you need a data processing addendum (DPA) signed with your processors. We’ve made this procedure simple and have the contract ready to be signed. Contact us at [email protected] to get started.
How Mediarails is complying with the GDPR
Even though the GDPR only applies to data from EU residents, we decided to apply the requirements of the regulation broadly. This means we don’t restrict any privacy-related feature based on the geographical location of a data subject.
We do still provide a great degree of control across most of our discovery tools to enable different searches and rules for different target geographies.
Here are some of the actions we’ve taken to ensure we’re compliant:
We’re taking the security of the data we manage very seriously. Over the last few months, our architecture has been vastly upgraded: Our entire cluster is systematically behind a firewall. Access has been further restricted. Two-factor authentication is required for most services.
We’ve also subscribed to Cloudflare to provide a Web Application Firewall (WAF) and a systematic block of potential threats.
We encrypt all our data as it is saved in our databases. All connections to the Mediarails app require secure https.
To improve and debug the service and to prevent fraud on it, we keep a variety of logs. We now make sure logs are destroyed at most 3 months after their collection date. We never use those logs for anything other than monitoring and debugging.
The GDPR gives any user the right to download any data that they provide to a service. This allows for easier migration to other services. At Mediarails we allow you to export any of the data, and we also offer selected exports of the history of changes.
Right of erasure
Our data discovery tools deal with publicly available web data. If a data subject wishes to speed up the removal of any data in our index, we offer a simple and effective way to have the information removed or modified. It is then possible to either update the data or entirely remove it.
Any other questions?
Our work related to the GDPR is still in progress and you can expect this and related pages to be updated regularly. Should you have any other questions, we’re here to help: [email protected]