The General Data Protection Regulation (GDPR) went into effect on May 25, 2018, and replaced the Data Protection Directive 95/46/EC. GDPR was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
GDPR affects any organisation located within EU but applies to organizations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects.
The new policy aims to protect clients’ information by introducing strict guidelines for businesses both inside the EU and that which is exported to businesses outside the jurisdiction.
At MailChannels, we are dedicated to protecting the security and privacy of our customers and their end users and are fully committed to complying with GDPR requirements.
What is GDPR?
The General Data Protection Regulation (GDPR) is a policy designed to harmonize data privacy laws across Europe. The aim of GDPR is to protect and empower all EU citizens’ data privacy and reshape the way organization across the region approach data privacy.
When did enforcement of GDPR come into effect?
May 25, 2018
Who does GDPR apply to?
GDPR applies both to organizations located within the EU and outside, if these organizations offer goods and services, or monitor the behavior of, EU data subjects.
Does GDPR apply to web hosts?
Yes. If a web host based in the EU OR outside the EU is processing the personal data of EU citizens using MailChannels then they must comply with GDPR. Many web hosts are likely to be both a data processor and a data controller under GDPR guidelines.
What constitutes personal data?
GDPR defines personal data as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
Is MailChannels in compliance with GDPR?
Yes, MailChannels has to — and does — comply with GDPR. MailChannels self-certifies and complies with the British Columbia Personal Information Protection Act (“PIPA”). As such, we already provide adequate protection to personal data originating from the EU and /or Switzerland.
Where can I find MailChannels contractual commitments to GDPR?
Is MailChannels a data processor or a data controller, as per GDPR definitions?
As the GDPR rules have yet to be thoroughly tested in court, it’s unclear as to whether MailChannels acts as a data processor, a data controller, or both. In any case, MailChannels is taking the precaution that we will be considered a data controller as well as a data processor, and are conducting ourselves accordingly.
When MailChannels is a data controller:
When MailChannels is a data processor:
MailChannels’ obligations with respect to personal data for which we are solely a data processor, such as personal data received from our customers or from other third parties that we use to generate and transmit email and other communications through the Services, are defined in our agreements with those customers and are not included in this Policy. In those circumstances, we receive personal data from the EU as an agent for the customer or other third party merely for processing. In those circumstances, our customers or those other third parties will remain responsible for personal data that they collect and for compliance with the applicable data protection laws.
What has MailChannels done to prepare for GDPR?
In 2016, MailChannels retained a leading German privacy law firm to research the legality of filtering outgoing email from web hosting services, in the specific context of MailChannels software and cloud services. The report of that firm is available on request. In addition to seeking this legal opinion, here is what we have done to prepare for GDPR:
• Updated the MailChannels Cloud Terms of Service Agreement to reflect GDPR regulations.
• Appointed a privacy officer to oversee the implementation of the new regulations.
• Created a dedicated email (firstname.lastname@example.org) to which customers can send any questions they may have about MailChannels and GDPR.
• Drafted a Data Processing Addendum which can be signed with customers to designate MailChannels as a data processor under the meaning ascribed to that term in the GDPR.
Will MailChannels help me to comply with GDPR?
If your use of the Services requires MailChannels to process personal data falling within the scope of GDPR, MailChannels’ GDPR Data Processing Addendum is available for e-signature by sending an email to email@example.com. Once executed, such GDPR Data Processing Addendum shall hereby be incorporated into this Agreement by reference. Please allow two business days for our privacy team to respond to DPA requests and note that the DPA takes effect only if you already have an agreement with MailChannels governing your use of MailChannels services, such as your agreement with our terms of service.
What data does MailChannels collect and store from customers?
Does MailChannels transfer information internationally?
Yes. With customers and data centers based in the EU, MailChannels transfers information internationally and as a result is in compliance with GDPR.