What is GDPR?
The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) is a new European privacy regulation that will replace the current EU Data Protection Directive (Directive 95/46/EC). The GDPR aims to strengthen the security and protection of personal data in the EU and to harmonize data protection law across EU member states.
Why is GDPR important?
The GDPR can affect any business that collects personal data in or from Europe. One of its key aspects is that it creates consistency across EU member states on how personal data may be processed, used, and exchanged securely. If you collect, change, transmit, erase, or otherwise use or store the personal data of people in the EU, you will need to comply with the GDPR.
What and who?
The GDPR applies to organizations established in the EU, and to organizations outside the EU that offer goods or services to people in the EU or monitor their behaviour, whenever they process "personal data" (the regulation's own term) of people in the EU. Personal data is any information relating to an identified or identifiable natural person, e.g., dates of birth, names, physical addresses, email addresses, online identifiers such as IP addresses, and so on.
- About Consent
You need a legal basis, such as consent, to process the personal data of someone in the EU. If you rely on consent, it must be freely given, specific, informed and unambiguous, and you must be able to demonstrate it: keep a record of when, how and to what the person agreed.
- About Individual Rights
The GDPR also sets out the rights of individuals (data subjects) over their personal data. People in the EU have the right to ask for details about how you use their personal data and to ask you to do certain things with it: to have it corrected (rectification), to receive a copy of it (access and data portability), to have its processing restricted or to object to certain uses of it, or to have it removed completely (erasure, often called the right to be forgotten).
How Does Strikingly Protect Your Data and Comply with GDPR?
Strikingly is dedicated to protecting your data and complying with the GDPR when it becomes enforceable on May 25, 2018. Our team is working with users around the world to answer their questions and to help them prepare for using Strikingly's Services when the GDPR takes effect.
Our team has reviewed Strikingly's product features and practices to ensure they support GDPR compliance requirements. This document describes our practices and policies.
1. User Information
- Strikingly contracts security consultants to ensure the security of our user information. They perform regular security audits and penetration testing to maintain our ISO/PCI security certifications. Any issues reported to our security team or raised during security audits are resolved as soon as possible.
- Strikingly encrypts databases containing sensitive information, in line with PCI standards, to add further protection for personally identifiable information. Our encryption renders this information unreadable without the corresponding cryptographic key.
- Strikingly uses a multi-layer (defense-in-depth) security architecture, so that no single control is relied upon to protect against zero-day vulnerabilities.
- Strikingly's signup, login, and payment services are served from a secure server. Information provided to Strikingly during signup is protected in transit by HTTPS (TLS).
- Strikingly uses cryptographic hash functions to protect users' credentials. A user's password is stored only as a hash digest, so in the event of a security breach the original password cannot be read from our servers.
2. Data Security
- Strikingly has documented and implemented internal mechanisms that limit the processing of personal data to specified purposes related to Strikingly's products and services.
- Strikingly only discloses Service Data to third parties where disclosure is necessary to provide the services or is required to respond to lawful requests from public authorities.
- Strikingly uses multiple data centers to provide a secure and highly available service at scale.
3. Transparent Terms
4. Data Processing
Strikingly publishes a Data Processing Agreement (DPA) that sets out how we process data on users' behalf.
5. Internal Protocol
- We continuously train employees in security best practices, including how to recognize phishing and other social engineering attempts.
- Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks before employment.
- All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
- When a Strikingly employee leaves the company, we follow a strict checklist to ensure that all of their server access permissions are revoked.
6. Data Access Rights
- Request to view data: Strikingly gives users the right to access their data and to see what data we have collected about them.
- Request to delete data: Strikingly gives data subjects the right to have data deleted when its continued processing is not justified. For example, users may need to delete their customers' and site visitors' personal data to meet their own GDPR obligations. Users may also delete their accounts, which permanently removes the relevant data from our servers.
What Third-Party Data Services Does Strikingly Use?
As a website editor and hosting service, we collect data to better serve your needs and to continuously improve our product. In the Strikingly dashboard and editor, we log user event data to Mixpanel; this data is anonymized and contains no Personally Identifiable Information (PII). On published Strikingly websites, we log site-visit data to Google Analytics and Keen.io; this data is likewise anonymized and contains no PII.
How Do I Make My Strikingly Websites Compliant?
If your website targets users in the European Union, you should enable the GDPR setting for your own sites. Visit the following link to learn how.
Regulators within the European Union provide specific guidance on GDPR policies. You can view their documentation here to learn more: