GDPR compliance
From May 25, 2018 your business will face the greatest regulatory change in data privacy policy since the 1995 EU Data Protection Directive was enacted: the EU General Data Protection Regulation (GDPR). The European Union will begin enforcing the GDPR from May 25, 2018 in an effort to strengthen the security and protection of personal data of EU residents.
In keeping with our ongoing commitment to privacy and security, Gift Up! is ready for GDPR.
It is legally impossible for SaaS software like us to be "certified" GDPR compliant; instead, we build the foundation for your business to become GDPR compliant. As we hold some Personally Identifiable Information of your customers, we have an obligation to comply with the principles of the GDPR legislation.
Specifically, here is how we’ll support our customers and comply with GDPR:
- An updated Data Processing Agreement (DPA) that reflects the requirements of GDPR.
- Product capabilities to help you be compliant when users request you delete or suppress their data.
Our commitment as a data processor
Data controllers are companies that supply goods or services to EU residents, or that track or monitor EU residents and decide why and how data is collected and processed. As one of our customers, you are likely a data controller under the GDPR. One of your requirements as a data controller is to only work with compliant data processors.
Data processors are vendors or businesses that process data on behalf of data controllers.
As a gift card platform, Gift Up! is considered a data processor. We are ready for GDPR both as a data controller and when acting as a data processor on your behalf.
- Updated Data Processing Agreement: Reflecting the changes due to GDPR regulation
- Technical and organisational security measures: Gift Up! takes a holistic, risk-based approach to security. This means our platform secures your data in transit and at rest, restricts and secures data access, and provides continuous incident monitoring.
Helping you achieve compliance
If you collect data about EU residents, you are likely considered a data controller under GDPR. One of the biggest challenges you will face as a controller will be managing individuals’ requests to exercise their rights as defined by the Regulation.
With regard to the additional rights defined in the GDPR, including the rights to access, data portability, and rectification, Gift Up! already enables you to be compliant:
- Rectify user data: GDPR empowers individuals to correct any personal data that is deemed inaccurate or incomplete. Inside our dashboard you can alter gift card sales to reflect any corrections required by your customers.
- Honour the rights to access and portability: Under GDPR, EU residents have a right to access their personal data and are entitled to obtain their personal data in a commonly used format, such as a CSV file. In the Gift Up! dashboard you are able to download all gift cards for a particular customer and provide them to that customer.
- Support for deletion requests: You are able to remove any Personally Identifiable Information via our dashboard for a particular gift card. You are also able to email a request to us at gdpr@giftupapp.com to do it on your behalf.