GDPR and Klenty

The European Union will begin enforcing the EU General Data Protection Regulation starting on May 25, 2018 in an effort to strengthen the security and protection of the personal data of EU residents.
The full text of the GDPR can be found here

Does the GDPR apply to me?

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who a) market their products to people in the EU or who b) monitor the behavior of people in the EU. In other words, even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you.
In keeping with our ongoing commitment to privacy and security, Klenty is committed to making it easier for you to comply with the GDPR.

Important Definitions:

Term Definition
Data Subject A person who lives in the EU
Personal Data Any information related to an identified/identifiable data subject (e.g., name, national ID number, address, IP address, health info)
Controller A company/organisation that collects people’s personal data and makes decisions about what to do with it. So if you’re collecting personal data and are determining how it will be processed (for example using the Klenty services to market to prospects and customers), you’re the Controller of that data and must comply with applicable data privacy legislation accordingly.
Processor A company/organisation that helps a Controller by “processing” data based on its instructions, but doesn’t decide what to do with data. So for example, Klenty is the processor of the data you collect in your Klenty application. We don’t control how you collect or use the data; we merely process it on your behalf and on your instruction.
Data Protection Officer (DPO) A representative for a controller/processor who oversees GDPR compliance and is a data-privacy expert
Data Privacy Impact Assessment (DPIA) A documented assessment of the usefulness, risks, and risk-mitigation options for a certain type of processing
Supervisory Authority Formerly called “data protection authorities”; one or more governmental agencies in a member state who oversee that country’s data privacy enforcement (e.g., Ireland’s Office of the Data Protection Commissioner, Germany’s 18 national/regional authorities)
Third Countries Countries outside the EU

Who is the Controller and who is the Processor, In the case of Klenty’s relationship with a Customer

Unless explictly clarified in any engagement, Klenty will be the Processor and Customer will be the Controller.

What does Klenty do to ensure lawful data transfers from the EU?

The GDPR permits transfers of personal data outside of the EU subject to certain conditions. The EU model clauses (Standard Contractual Clauses or SCC) provide a valid mechanism to lawfully transfer personal data. Klenty offers a Data Processing Agreement that incorporates the model clauses to our EU/EEA customers.

What changes is Klenty doing to help Customers comply with the GDPR?

Should you require a copy of our DPA, please send an email to support@klenty.com.