Snaps Is GDPR Compliant - What You Need To Know

Screen-Shot-2018-05-21-at-11.43.54-AM.png

Summary Snaps is prepared for the General Data Protection Regulation ("GDPR") which goes into effect on May 25th, 2018.   Snaps is also committed to assisting our customers in their obligations related to the GDPR. You can reach out to your customer success manager or email gdpr@makesnaps.com with questions. 

So what is the GDPR?

The GDPR is a new regulation aimed at strengthening and unifying the data protection rights of all individuals residing in the European Union ("EU"). This new law restricts how the personal data of EU residents can be transferred, processed and stored, regardless of whether such activities take place within or outside of the EU.

The obligations of the GDPR include, but are not limited to:

- Obtain consent for the purpose of the personal data you collect

- Provide an individual with information regarding the personal data you collect and its purpose

- Share this data with the individual in a portable format, upon request

- Enable the individual to delete the data stored about them

- Provide the ability to correct data that is incorrect about an individual

- Allow individuals the ability to opt out of any direct marketing

The GDPR makes a distinction between the two roles in the management and processing of personal data; These roles are the "Data Controller" and the "Data Processor".  The Data Controller owns the relationship with the individual and is ultimately responsible for making and policing decisions in regards to how and why the data is processed.  The Data Processor is any organization that handles and processes data on behalf of the Data Controller.

If you are a Snaps customer, you are the Data Controller. Snaps is the Data Processor, in most cases.  Each role has their own responsibilities, but Snaps is here to help you meet the obligations of the GDPR.

What has Snaps done to prepare?

Over the past year, our team has been busy evaluating our platform, classifying our data, reviewing our vendors, and auditing our security programs to prepare for the GDPR to go into effect.  Our platform supports the users right to know, right to be forgotten, and right to data portability. We have also created templates that allow you to implement user flows that address the requirements of the GDPR.  Your Snaps customer success manager will work with you to implement compliant experiences that are specific to your application, messaging platform and target market.

In addition, our security program and policies fully address the notification and “Privacy by Design” requirements of GDPR.  Your users' data is encrypted in transit and at rest. We take a least privilege approach to data access. Our system is "designed by contract" with security as the main consideration across all services and applications. All servers and databases run a host intrusion detection system, which provides proactive notification of potential breaches.  Our non-production environments are cleansed of personal data.

Feel free to reach out to your customer success manager or email us at gdpr@makesnaps.com with any questions.