Overview

The General Data Protection Regulation (GDPR) is a landmark privacy law that affects all organizations that handle personal data of European Union (“EU”) individuals. GDPR strengthens data protection laws, expands the privacy rights of EU individuals and went into effect on May 25, 2018. 

Everflow's GDPR Compliance Process

Everflow is committed to comply with GDPR, under which Everflow is a data processor. A “data processor” is a person or organization who processes personal data on behalf of a “data controller” which determines the purposes and means of such processing (e.g., for specific purposes and services offered by the data controller that involve personal data processing).

As part of complying with GDPR, Everflow reviewed its impacted product stack and business processes and policies, and implemented a GDPR compliance program, including the following steps:

  • Develop a plan to address the product areas and processes impacted by GDPR
  • Publish a Data Processing Addendum
  • Revise our Privacy Policy and Service Terms
  • Present users of our website (www.everflow.io) with a cookie tracking notice 
  • Delete end user data and employee, affiliate or advertiser account data upon request by data controllers
  • Enable users at account level to opt in for obfuscation of personal data elements
  • Replace last octet with "xxx" in reports for all EU user IP addresses 
  • Blank out device IDs available upon request
  • Sign up with an ADR provider

Everflow is built on the GDPR-compliant Google Cloud Platform, which is Everflow’s sole data sub-processor and is certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

FAQ

What is GDPR?

The GDPR is a new comprehensive data protection law (effective May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

Does GDPR Require Personal Data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. Everflow's Data Processing Addendum will help our customers to transfer EU personal data outside of the EU in a compliant manner.

What does GDPR Regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of "personal data" is very broad and covers any information relating to an identified or identifiable individual (also called a "data subject").

If you have any additional questions about GDPR and what we are doing in this area, please don't hesitate to contact us at privacy@everflow.io.