The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It took effect on the 25th May 2018. The ListFlow team worked hard to prepare for GDPR and ensure we fulfill its obligations.
How ListFlow complies with GDPR
Gaining a clear understanding of how our customers and partners will be affected was ListFlow’s team number one concern. From now on, you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, have access to it.
Securing the data remains ListFlow’s primary concern. Over the last few months, our architecture has been vastly upgraded to ensure that our cluster is consistently behind a firewall.
User authentication is systematically verified while the storing and processing of the data is exclusively done on servers located within the EU zone.
Ensuring User Data Protection
Our compliance with GDPR revolves especially around three key aspects of personal data processing:
Right of erasure
Because we deal with publicly available web data, information removed from a website are also removed from our database. But if a data subject wishes to speed up the removal of any in our index, we offer a simple and efficient way to claim email addresses. It is then possible to either update the data or entirely remove it.
Systematic pseudonymisation of non-public data
Our applications heavily pseudonymise data to ensure the privacy of data subjects. Any attributes that doesn’t need to remain in its original form is truncated to remove any possibility to be linked back to a specific data subject.
The GDPR gives the right to any user to download any data that s/he provides to a service. This allows for easier migration to other services. We think this is a great idea and ListFlow has always made it possible for user to download their data.
Securing a network of GDPR compliant collaborators
After having made sure that we have the right policies being executed, helping our third-party vendors maintain the GDPR compliance was the next big challenge. Our team continues to work alongside our partners to help them on their journey towards GDPR compliance.
Data Processing Addendum
ListFlow is in most cases a processor. As a data controller, under Article 28 of the GDPR, you need a data processing addendum (DPA) signed with your processors. We have made this procedure simple and have the contract ready to be signed. Contact us at email@example.com to get started.
For more information