MindFire and GDPR

Disclaimer: While this post’s content is designed to help you understand the GDPR in connection with MindFire’s services, the information may not be construed as legal advice and you should consult with your own legal counsel regarding your unique obligations under the GDPR, and the use of any company’s products and services (including MindFire) to process personal data.

 

What’s GDPR?

The EU General Data Protection Regulation (“GDPR”) is a new data protection law that came into effect on May 25, 2018. It replaces existing EU data protection law to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules that governs the processing and monitoring of EU data. At MindFire, we are working hard to ensure that we fulfill its obligations and maintain our transparency about customer data.

NOTE: As with other data and consumer protection laws, GDPR requires commitment from us (MindFire) and you (our Customers). In some ways, the responsibility is shared, but ultimately, you are responsible for your unique situation and compliance with GDPR. We remain committed to helping you meet these requirements (there are a number of tasks that are in progress on our end) and will provide assistance throughout the entire process.

I am a MindFire Client. Does it affect me?

Yes, most likely. If you hold or process the data of any person in the EU, the GDPR applies to you, whether you are in the EU or not. In most cases, our clients are considered Controllers in the eyes of GDPR, and MindFire is considered a Processor.

Controllers and Processors
There are two key roles defined in the GDPR: Controller and Processor.

The Controller is the business — you — who are ultimately in charge of deciding how data are collected and used. As a customer of MindFire, you operate as the Controller when using our products and services. You have the responsibility for ensuring that the personal data you are collecting is being processed in a lawful manner pursuant to the GDPR and that you are using processors, such as MindFire, that are committed to handling the data in a compliant manner.

MindFire is considered a Processor. We act on the instructions of the Controller (you), which come to us via our applications like Studio, or via our platform APIs. Like Controllers, Processors have an obligation to explain what they do with personal data. However, as a Processor, we rely on you, the Controller of the data and our customer, to ensure that there is a lawful basis for processing.

Processors may, in the performance of their service, use other third parties in the processing of personal data. These entities are known as sub-processors. MindFire uses several cloud infrastructure providers like Amazon Web Services and Rackspace, all of which are considered sub-processors, as well as other services like SocketLabs.

How has MindFire prepared for GDPR?

Our teams have been working to define our GDPR roadmap, which we intend to publish soon on this page.

Because GDPR requires a massive overhaul of processes and data models, we intend to keep you apprised of everything we are doing to make sure we are meeting our legal obligations, and doing the best thing for our customers and yours.

Here are the main things we have been doing (or will do) to ensure we are setting ourselves and our customers up to meet GDPR obligations:

MindFire has defined a DPO (Data Protection Officer)

We have defined a Data Protection Officer, see below.

We Have Built and Continue to Build New Features & Infrastructure

Our teams are building (or in some cases, have already deployed) the necessary features and infrastructure that will enable our customers to meet their GDPR obligations.

MindFire will help you meet your data portability requirements for GDPR, meaning you will be able to export all of your data or granular subsets linked to an individual Contact, and permanently delete all data related to a single user.

We will publish our Data Processing Agreements (DPAs) and Legal Agreements

Robust data protection commitments are a vital part of GDPR’s requirements. Our new data processing agreement will share our privacy commitments and set out the terms for MindFire and our customers to meet GDPR requirements.

We’re in the process of revisiting and, where necessary, updating our Privacy Policy, Terms of Service (in our License Agreements), and a few other documents to include data processing sections that ensure that any business that requires a GDPR-compliant processor can use MindFire. As soon as these are available, we will provide you with a copy and a summary of our status.

We have coordinated with our vendors

We have reviewed all of our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.

We are taking new security measures

Security is a priority for us. We will keep sharing information on our progress, and we will also help our customers (and, for those of you who are providing services to your Clients via MindFire, those Clients) be compliant. Some steps you can take are:

  • Get familiar with the GDPR requirements and how they affect your company.
  • Map out everywhere you process data and carry out a gap analysis (including your interactions with MindFire).
  • Look at all the software and tools you use to manage data, and think about privacy, security, and GDPR requirements from top-to-bottom.
  • Speak with your lawyer about your specific needs to ensure you’re aware and compliant.

What can we do to help you?

To help you meet your GDPR obligations, we will be updating this page to include instructions and code snippets you can use. Stay tuned.

Contact Information

Data Protection Officer:

  • Ali Malekshaki
  • 1(949)474-4418
  • alim@mindfiremail.info

Subprocessors for GDPR

AWS, SocketLabs, Azure, Twilio, Zapier, Google, Rackspace, CellTrust, Mailgun

Recommended GDPR Resources

Here are some recommended resources to assist in your research

Questions?

Feel free to reach out to us in the comments, or via support@mindfireinc.com.

David Rosendahl

Co-Founder at MindFire
Dad of 2 (wait, no there’s a 3rd, where’d he come from?) and helped launch MindFire. Techno-marketer fascinated with the convergence of print and non-print marketing, machine learning, and entrepreneurship. May run for political office one day (yes, I’m crazy).