Our Flagship Product: Synapse

On 25th May 2018, The General Data Protection Regulation (GDPR) came into effect all over the UK and Europe. It is a series of regulations and obligations that add to the current Data Protection Directive by adding a number of new requirements for businesses and determining a more comprehensive set of rights for individuals.

What is the GDPR?

The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection
of personal data in light of rapid technological developments, increased globalisation, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

What does the GDPR regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organisation that processes personal data of EU individuals is within the scope of the law,
regardless of whether the organisation has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

How does GDPR change privacy law?

The key changes are the following: Expanded data privacy rights for EU individuals, data breach notification and added security requirements for organisations, as well as customer profiling and monitoring requirements. GDPR also includes binding Corporate Rules for organisations to legalise transfers of personal data outside the EU, and a 4% global revenue fine for organisations that fail to adhere to the GDPR compliance obligations. Overall the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Does the GDPR require EU personal data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. Salesforce’s data processing addendum, which references our Binding Corporate Rules, Privacy Shield certification, and the European Commission’s model clauses, will continue to help our customers legalise transfers of EU personal data outside of the EU. See our FAQ on our data processing addendum for more information.

Right to Be Forgotten

You may need to delete customer data in order to comply with data protection and privacy regulations. The Salesforce Platform offers a rich set of features to help you meet your obligations under the GDPR. Salesforce allows customers to delete personal data at both an organisational level and an individual level. Deletions of Salesforce instances (orgs) are synced regularly.

Data Portability

You can use the Synapse Platform to help you honour your customers’ requests to export their data. Data can be extracted via both UI-driven as well as API-driven methods, including reports exportable via CSV and PDF.

Consent & Processing

The Synapse Platform helps you comply with data protection and privacy regulations with out-of-the-box support for indicating do not call and email opt-out. The Synapse Platform allows users to manage their personal data within their “My Profile” of the App including tracking preferences and notification methods they wish to use. For audit and the purpose of user safety, an activity log within the App is recorded against the users profile that includes login information, IP addresses, location data and an activity log i.e. viewing, editing information etc.

On the Synapse Platform, records can be identified, exported, and deleted upon receiving a verified request to restrict processing via the Admin247 portal by an authorised administrator.

Accountability/Transparency

Synapse offers customers a data policy and processing addendum containing privacy commitments. This addendum contains data transfer frameworks ensuring that our customers can lawfully transfer personal data to Synapse outside of the European Economic Area. This addendum also contains specific provisions to assist customers in their compliance with the GDPR.

Resources

Internal Policies & Procedures

Documents available on request.

Our accreditations - you're in safe hands...

Accreditations

Sponsored for digital
business growth by:

Northampton County Council