The General Data Protection Regulation (GDPR) provides new, consistent standards across the EU to protect the rights of EU citizens regarding how their personal data is being used. It went into effect on May 25, 2018 and applies to any company that uses personal data from EU citizens.

We are committed to privacy and security and were ready for the GDPR as it came into effect on May 25, 2018. But that’s not all. As a Processor for your user data, we are also committed to making it easier for you to comply and equipping you, our customers, with easier paths towards your compliance with the GDPR.

Here we’ll provide a quick overview of GDPR and share what we did to prepare.

GDPR Basics

Replacing the existing EU privacy directive 95/46/EC, which has been in place for over 20 years, the GDPR strengthens and expands the privacy rights of individuals in an era in which much of life takes place online.

The GDPR is extensive, affecting not just businesses based in the EU but also any company that processes the personal data of EU citizens. For instance, if you’re sending data about a person in the EU to Textline, it’s likely that the GDPR applies to you.

The Data Protection Principles set forth in the GDPR include requirements like the following:

• Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
• Personal data should only be collected to fulfill a specific purpose and it should only be used for that purpose. Organizations must specify why they need the personal data when they collect it.
• Personal data should be held no longer than necessary to fulfill its purpose.
• People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.

What Did Textline do to Prepare for GDPR?

As a customer of Textline who puts data about your end users into our product, you are a Data Controller. We act as a Data Processor for you. We’re also a Data Controller in supplying services to you (as a Textline customer) and making decisions about your personal data.

We got ready for GDPR by preparing for our own compliance — as well as making it easy for you to comply as a data controller. Here is an overview of what we’ve done so far:

Data Processing Agreement

We reviewed all our legal agreements and made any required changes to be GDPR compliant. We updated our Data Processing Agreement, Terms of Use, and Privacy Policy and posted them on our website in advance of the GDPR deadline. We also made sure that any vendors we use as sub-processors are GDPR compliant. You can find a complete list of our sub-processors here: https://textline.com/legal/sub-processors.

Security and Data Management

Textline already employed strict policies and procedures around security and data management. Additionally, we designated an internal team and engaged outside expertise to enhance security standards that protect our customers’ data and follow GDPR requirements.

• We appointed a Data Protection Officer to ensure ongoing GDPR compliance. You can contact them at dpo@textline.com.
• We instituted processes that ensure prompt notifications to customers and GDPR authorities as required in the unlikely event of a data breach.
• We formalized and documented our internal policies related to data security.
• We put safeguards in place to ensure secure and proper handling of data stored outside of the EU as required.
• We will continue, as has been our practice, to only process personal data according to our customer’s instructions.

Textline Capabilities

Textline already enables compliance with requirements regarding the right of data rectification and the right to be forgotten:

• Right to rectify user data: GDPR gives individuals the right to rectify any inaccurate or incomplete personal data. In Textline, end user data can be adjusted at any time.
• Right to be forgotten: We honor requests from your end users to delete their information, such that associated user data and historical data and permanently deleted from our data stores.
• Accountability: Textline has role-based permissions, supports encryption at rest of all associated account data, and many data management tools.

We fully support the GDPR and think it’s a good thing to treat customers and their data with care and respect. Our mission is to help companies like yours create better customer experiences with relevant communication and that requires the fair and secure use of personal data that was given with full consent and transparency.

If you have any questions or concerns regarding GDPR and Textline, please send us a detailed message to dpo@textline.com.