Swrve as a Data Processor has all the necessary systems and processes in place to support our customers (the Data Controllers) and help them meet their obligations under GDPR.
If you are a Swrve customer and have any specific questions, you can contact your customer success representative or our GDPR hotline (firstname.lastname@example.org) at any time. We encourage you to do so!
What Is GDPR?
GDPR is the General Data Protection Regulation: a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR came into effect on May 25th 2018. Put simply and in plain English, GDPR requires any organization holding any form of personal data relating to any EU citizen to meet certain obligations relating to the use and access of that data.
To get one important point out of the way immediately: it doesn’t matter where your business operates or stores data, if you have personal data relating to EU citizens you have obligations under GDPR.
So What Are The Obligations?
The obligations include, but are most definitely not limited to, the following:
We’ll talk about all of these in a little more detail below but first let’s discuss roles and responsibilities before discussing how together we make your organization GDPR-proof!
Data Controllers and Data Processors
GDPR makes a key distinction between these two roles in the management and processing of personal data. Again in simple language:
The Data Controller owns the relationship with the Data Subject and is ultimately responsible for making and policing decisions around how and why that data is processed. In most cases, if you are a Swrve customer the Data Controller in this context is you.
The Data Processor is any organization that handles and processes data on behalf of, and with regard to instructions from, the Data Controller. In most cases Swrve is the Data Processor.
Each role has their own responsibilities, but it’s important to understand that in most cases the Data Controller has legal liability under GDPR. However, as the Data Processor we at Swrve want to make sure your job is as easy as it possibly can be when it comes to being (and staying) compliant.
How Swrve Can Help
Firstly, Swrve as a platform incorporates “security by design” and “privacy by design”. We have always delivered an enterprise-class approach to these issues. More information on these topics is available here. Swrve has a data center within the EU (Ireland) and in all cases can ensure data relating to EU citizens never leaves the EU.
With regard to GDPR specifically, the following should be noted:
The Bottom Line
Swrve has been ‘GDPR ready’ since before May 25th 2018, and is ready to work with all our customers and prospects to respond in a timely and accurate fashion to all GDPR related requests from their own customers and users.