What is GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy regulation which will replace the current EU Data Protection Directive (Directive 95/46/EC). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
Why is GDPR important?
The GDPR has the potential to impact any business that collects data in or from Europe. One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR.
What and who?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person, e.g., dates of birth, names, physical addresses, email addresses and so on.
- About Consent
You need to have a legal basis, like consent, to process an EU citizen’s personal data. This consent must be verifiable. It requires a written record of when and how someone agreed to let you process their personal data.
- About Individual Rights
The GDPR also outlines the rights of individuals around their personal data. EU citizens will have the right to ask for details about the way you use their personal data, and can ask you to do certain things with that data. People have the right to request their personal data be corrected, provided to them, prohibited for certain users, or removed completely.
How Does Strikingly Protect Your Data and Comply with GDPR?
Strikingly will be compliant with GDPR when it becomes enforceable on May 25, 2018. Our team is working with users around the world to answer their questions and to help them prepare for using Strikingly’s Services when GDPR takes effect.
Strikingly is dedicated to protecting your data and complying with GDPR policies. Our team has reviewed Strikingly’s product features and practices to ensure we support GDPR compliance requirements.
- Data Security: Strikingly has documented and implemented internal mechanisms for limiting the processing of personal data to only certain specified uses relating to Strikingly’s products and services.
- Disclosure of Customer Service Data: Strikingly only discloses Service Data to third parties where disclosure is necessary to provide the services or as required to respond to lawful requests from public authorities.
- Trust: Strikingly already uses cryptographic hash functions to protect users’ information. Your password and payment information are stored as a hash digest and, in the event of a security breach, your original password cannot be recovered from our servers.
- Secure Server: Strikingly’s signup, login, and payment services are completed through a secure server (HTTPS/SSL).
- Safe Data Center: Strikingly uses multiple data centers to guarantee a secure and highly available service at scale.
- Request to view data: Strikingly provides users the right to access their data, check what data we have collected, and choose to have their data forgotten.
- Request to delete data: Strikingly provides data subjects with the right to delete data if the continued processing is not justified. For example, users may need to delete their customers' and site visitors' personal data to comply with GDPR obligations. Users may also delete their account, which will permanently remove relevant data from our servers.
- Access management: When a Strikingly employee leaves the company, we follow a strict checklist to ensure that all of their server access permissions are revoked.
What Third-Party Data Services Does Strikingly Use?
As a website editor and hosting service, we collect data to better serve your needs and continuously improve our product. In the Strikingly dashboard and editor, we log user event data to Mixpanel. This data is anonymized and contains no Personally Identifiable Information (PII). On published Strikingly websites, we log data to Google Analytics and Keen.io to record site visit data. This data is anonymized and contains no Personally Identifiable Information (PII).
How Do I Make My Strikingly Websites Compliant?
If your website is targeting users in the European Union, you should enable GDPR for your own sites. Visit the following link to learn how.
Regulators within the European Union provide specific guidance on GDPR policies. You can view their documentation here to learn more: