GDPR & EU Data Protection

We value your trust and work hard to protect your information

Summary

When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to provide you with choices about controlling it. We understand that there are particular concerns from companies in the EU about how we use and protect your data, so we put this page together as a guide to answer some of the most common questions you may have.


What is GDPR?

By May 25th, 2018, any organisation that processes personal data of EU citizens needs to be compliant with GDPR. The GDPR (General Data Protection Regulation) replaces the Data Protection Directive 95/46/EC, incorporated in UK law by the Data Protection Act 1998 (DPA). The GDPR is not new legislation and retains the core rules and principles of the Data Protection Directive, but it is an overhaul of existing European Commission data protection legislation.

The aim of the GDPR is to unify the existing data protection laws to strengthen the security and protection of personal data in the EU. EU citizens are given new rights that profoundly impact the way IT organisations are allowed to process and control personal data, giving individuals back control of their personal information.

Effectively, the GDPR gives more rights to the individual over their own personal data.


Does GDPR require my information to be stored in the EU?

No. There is a common misunderstanding that the GDPR requires all data to be stored within the EU, but this is not the case. Rather, the GDPR prevents data from being transferred outside of the EEA without adequate protection, so organisations dealing with the personal data of EU citizens must comply with EU privacy laws wherever the data is held.


Who does GDPR apply to?

The GDPR applies to any individual or organisation doing business within the EU. As it commences on May 25th, 2018, EU individuals and organisations must ensure compliance with the updated legislation by then.


Will Practice Ignition be GDPR compliant?

Yes. We can confirm that Practice Ignition will be GDPR compliant when it becomes enforceable on May 25th, 2018.


What has Practice Ignition done to comply with GDPR?

Our compliance, data protection, and information security teams all worked to prepare our services for GDPR. We reviewed our data processing activities and made any changes that were needed in advance of the GDPR effective date. We are currently updating our Privacy Policy, and the updated version provides more detail about what information we capture and for what purposes.


Access to your Information (DSR requests)

At present we intend to service DSR requests (such as deletion and export) manually. If you have an account with us, you may access, correct, or request that we delete your personal data by contacting us at [email protected]. Such a request may also cover the personal data of other individuals, such as your customers, that you have provided to us, where those individuals have requested this of you. We will respond to these requests within 30 days, as required under GDPR.


Security and data center location

Practice Ignition's primary data and servers are hosted at Heroku's data center, which runs on Amazon Web Services (AWS). We currently don't have plans to add servers or a point of presence (POP) in the EU (GDPR does not require physical servers in the EU).

The data center is SOC 1 and SOC 2/SSAE 16/ISAE 3402 accredited and includes keycard protocols, biometric scanning protocols and round-the-clock surveillance. We provide multiple levels of backups and redundancy to ensure uptime and peace of mind.

We use technical and physical controls designed to prevent unauthorized access to your personal data. We restrict access to personal data only to our employees, contractors and agents who need to know this information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

For even more detailed information about our security practices, you can review our security page.


We are here for you

We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data and how we are gearing up for GDPR. If you have any questions, please don't hesitate to contact us at [email protected].