GDPR Compliance


Sales-Push ensures conformance to global regulations and industry practices to maintain the privacy and security of its customers’ data. All our products provide GDPR-ready capabilities to help our customers meet their compliance obligations. Sales-Push extends these capabilities not only to customers in the EU but to all our customers worldwide.

To strengthen an individual’s rights to privacy, the European Union brought about the General Data Protection Regulation or GDPR, fortifying existing directives on data protection. The Regulation issued by the European Union applies to businesses processing personal data of European residents and has been in force since 25th May 2018.

7 Key Principles of the GDPR


The GDPR encourages businesses to be responsible for an individual’s data. By ensuring the protection and privacy of this data, businesses earn customer trust, and customers are likely to engage better with the business. The GDPR provides a framework for businesses to standardize and regularize the real-world security and privacy needs of an individual’s data used for business purposes. The key principles on which the GDPR requires businesses to operate are:

  1. Lawful, fair and transparent processing: Emphasizes transparency for all individuals, i.e. when data is collected, businesses must be clear as to why it is being collected and what it will be used for.
  2. Purpose limitation: Collect data only for the purpose you need it for. That is, data collected for specific purposes/reasons cannot be further processed in a manner incompatible with those purposes/reasons.
  3. Data minimization: Ensure data captured is adequate, relevant, and limited. Based on this principle, organizations must ensure they store a minimum amount of data required for their purpose.
  4. Accurate and up-to-date processing: Data controllers must ensure information remains accurate, valid, and fit for purpose. To comply, organizations must institute processes and policies to address how they maintain the data they are processing and storing.
  5. Limitation of storage in a form that permits identification: Have control over the storage and movement of data within the organization. This includes implementing and enforcing data retention policies and preventing unauthorized movement and storage of data.
  6. Confidential and secure: An organization collecting and processing data is solely responsible for implementing appropriate security measures to protect the individual’s data.
  7. Accountability and liability: Organizations must be able to demonstrate the adoption of necessary steps to protect an individual’s personal data, and be able to pull up every step within the GDPR strategy as evidence.

Frequently Asked Questions


Got a question? We've got answers. If you have some other questions, see our support center.

Who does the GDPR affect?

The GDPR applies to organisations located within the EU and also organisations located outside the EU. It applies to all companies processing personal data of individuals residing in the European Union, regardless of where the company is located.

How does my business benefit by complying with the GDPR?

The GDPR requires fairness, transparency, accuracy, security, minimisation and respect for the rights of the individual whose data businesses want to process. The GDPR helps restore consumer trust by governing rules of data protection and rights across the EU. This helps businesses gain customer trust, and customers are likely to engage better with the business. Apart from this, businesses can capitalize on opportunities through:

1. Cost savings and less complicated policy management by dealing with 1 law, not 28. Previously, businesses incurred expense and effort dealing with the regulations of each member state locally.
2. Consistency in the practice of data protection measures both in and outside the EU. This is because the same regulation applies to all businesses, regardless of where they are based.
3. The regulation enables innovation to flourish under the new law.

When should businesses get compliant?

The regulation has been in effect since May 2018, after a two-year transition period.

Is consent the only way to process data?

Consent is one way, but it’s not the only way to process data. The GDPR provides other ways of processing data:

1. Contractual necessity
2. Legitimate interests
3. Vital interests

For more information, please visit the website of the Information Commissioner’s Office.

Who is a Data Protection Officer (DPO) and does my business need one?

The DPO is responsible for informing employees of their compliance obligations as well as conducting monitoring, training, and audits required by the GDPR. A DPO needs to be appointed if you:

1. process large amounts of personal data,
2. carry out large-scale systematic monitoring of individuals, or
3. are a public sector authority.

Does the GDPR require EU data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on the transfer of personal data outside the EU. Data transfers from the EU to outside it can be legitimized in many ways, including:

1. EU-US Privacy Shield
2. Model or Contractual clauses

Sales-Push uses both of the above-mentioned methods to legitimize data transfers. Therefore, customers do not need to move their data or restrict it to the EU.

What does GDPR mean by “data protection by design and by default”?

Data protection by design means ensuring that only the personal data which is required is collected, and incorporating privacy features and functionality into products and services from the time they are first designed.

Data protection by default means that businesses must implement appropriate measures to mitigate privacy risks at the time the data is collected, as well as at the time it is processed.