MindFire and GDPR

Disclaimer: While this post’s content is designed to help you understand the GDPR in connection with MindFire’s services, the information may not be construed as legal advice and you should consult with your own legal counsel regarding your unique obligations under the GDPR, and the use of any company’s products and services (including MindFire) to process personal data.

What’s GDPR?

The EU General Data Protection Regulation (“GDPR”) is a new data protection law that came into effect on May 25, 2018. It replaces the existing EU Data Protection law to strengthen the protection of “personal data” and the rights of the individual. It is a single set of rules which govern the processing and monitoring of EU data. At MindFire, we have updated our policies and practices to comply with our obligations while maintaining our transparency and flexibility with customer data.

NOTE: As with other data and consumer protection laws, MindFire and each of our customers have a duty and its own independent obligation to comply with GDPR. MindFire systems comply with GDPR and other applicable privacy laws with usage that adheres to its policies and agreements. You are responsible for your activities including any unique situations and compliance with GDPR that builds on MindFire. While we are not responsible for your compliance, we remain committed to helping you meet these requirements and will provide assistance throughout the entire process by providing visibility and providing answers on relevant MindFire features and systems.

I am a MindFire Client. Does GDPR affect me?

GDPR applies if you offer goods or services to, or monitor the behavior of EU individuals, or process and hold data of individuals residing in the EU irrespective of their citizenship.

MindFire processes the data on your behalf within the permissible purpose and scope of the agreement that you have on the controlled data.

MindFire uses several cloud infrastructure providers like Amazon Web Services, Microsoft Azure, and Rackspace, as well as other services like SocketLabs that provide underlying software infrastructure services that are compliant with GDPR

How has MindFire prepared for GDPR?

Here are the main things we have been doing (or will do) to ensure we are setting up ourselves and our customers up to meet GDPR obligations:

MindFire has defined a DPO (Data Protection Officer)
We have defined a Data Protection Officer, see below.

We Have Built and Continue to Build New Features & Infrastructure
Our teams are building (or in some cases, can provide instructions) so you can implement the necessary features and infrastructure that will enable you to meet your GDPR obligations.

For example, MindFire will help you meet your data portability requirements for GDPR, meaning you can export all of your data or granular subsets linked to an individual Contact, and permanently delete all data related to a single user.

We have updated and published our Data Processing Agreements (DPAs) and Legal Agreements
Robust data protection commitments are a vital part of GDPR’s requirements. Our new data processing agreement will share our privacy commitments and sets out the terms for MindFire and our customers to meet GDPR requirements.

We have coordinated with our vendors
We have reviewed all of our vendors, finding out about their GDPR plans and arranging similar GDPR-ready data processing agreements with them.

We are taking new security measures
Security is a priority for us. We will keep sharing information on our progress, and we will also help our customers (and, in the case of those of you who are providing services to your Clients via MindFire) be compliant. Some steps you can take are:

  • Get familiar with the GDPR requirements and how they affect your company.
  • Map out everywhere you process data and carry out a gap analysis (including your interactions with MindFire)
  • Look at all the software and tools you use to manage data, and think about privacy, security, and GDPR requirements from top-to-bottom.
  • Speak with your lawyer about your specific needs to ensure you’re aware and compliant.

Resources

Contact Information
Data Protection Officer: David Rosendahl
1 (949) 474-4418
support@mindfireinc.com

Third Party Vendors Used By MindFire to Provide Supporting Services
AWS, SocketLabs, Azure, Twilio, Zapier, Google, Rackspace, CellTrust, Mail Gun

Recommended GDPR Resources
Here are some recommended resources to assist in your research

Questions?

Feel free to reach out to us in the comments, or via support@mindfireinc.com.

David Rosendahl
Connect w/Me

David Rosendahl

Co-Founder at MindFire
Dad of 2 (wait, no there’s a 3rd, where’d he come from?) and helped launch MindFire. Techno-marketer fascinated with the convergence of print and non-print marketing, machine learning, and entrepreneurship. May run for political office one day (yes, I’m crazy).
David Rosendahl
Connect w/Me

Leave a Reply

%d bloggers like this: