What is the GDPR?
The EU General Data Protection Regulation (GDPR) came into effect on 25th May 2018 bringing new global data protections for individuals of the European Union (EU). The GDPR replaced the EU Data Protection Directive with the intention of harmonizing data protection laws throughout the EU with a single data protection law.
Is Interact GDPR compliant?
We ensure our products and services are designed in accordance with ISO27001 standards. Our existing standards mirror many of the security and privacy requirements of GDPR. Amazon Web Services (AWS) our hosting partner is also ISO27001 & SSAE16 compliant.
All Interact employees continue to undertake mandatory data handling training. All Interact employees are required to participate in the training program even if their role doesn’t require them to handle customer data.
We ensure our vendors adhere to the same high standards of security and privacy as Interact.
We maintain our no transfers out of the EU commitment for EU customers. Interact does not transfer data out of the customer’s chosen geographical region. Data backups and redundancy sites all remain within the same geographical region.
Is Interact a Data Processor or Data Controller?
Interact operates as both a Data Controller and Data Processor when considering GDPR compliance:
Interact is a controller in respect of individuals interacting with our business such as website visitors, customers and prospective customers of Interact.
Interact is also the processor in respect of our own data and that of our customers whose data we receive from users of our services. In some specific customer agreements, Interact can also be a sub-processor.
What Personal Data does Interact process for its customers?
How does Interact deal with Subject Access Requests (SAR)?
If the Subject Access Request relates to data processed, stored or hosted within our services, Interact will refer the Subject Access Request to our customer – the data controller. Interact will assist with requests made by our customers in relation to such Subject Access Requests.
Subject Access Requests received in relation to Interact’s business will receive a response within 30 days of receipt. Subject Access Requests can be made at firstname.lastname@example.org or in writing to:
4th Floor Station House
As a customer of Interact, what action should we take?
As a customer of Interact, you are a data controller and Interact is acting as a processor for your data. To ensure you are in compliance with GDPR you should consider undertaking the following steps:
- Perform your own research, modelling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
- Obtain an updated Data Processing Agreement which is available upon request from email@example.com
If you have any questions about GDPR, please contact firstname.lastname@example.org. If you are an employee of an Interact customer, please contact your employer.