Privacy, security, compliance, transparency, and responsibility are the cornerstones of our business. As a processor, and sometimes a controller, of our customers’ data, we fully understand and recognise our responsibility to respect privacy rights and to put in place appropriate standards of data protection.
We are registered with the IPO via registration number ZB066023.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a European privacy regulation which has replaced the previous EU Data Protection Directive (Directive 95/46/EC). The GDPR aims to strengthen the security and protection of personal data in the EU and harmonise EU data protection law.
To whom does the GDPR apply?
The GDPR applies to all businesses operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable person.
What implications does GDPR have for companies processing the personal data of EU citizens?
One of the key aspects of the GDPR is that it creates consistency across EU member states on how personal data can be processed, used, and exchanged securely. Businesses will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis, by implementing and regularly reviewing robust technical and organisational measures, as well as compliance policies.
Who is the "Controller" and who is the "Processor"?
In accordance with the GDPR, when The SaaSy People provides a business with outsourced customer support and processes personal data on behalf of our customer by utilising our customer’s (your) existing system(s) (CRM, backend platforms etc.) throughout the course of such services, then The SaaSy People is recognised as the “Processor” and our customer (you) is recognised as the “Controller”.
When The SaaSy People provides a business with outsourced customer support and processes personal data on behalf of our customer by utilising its in-house system(s) (Salesforce etc.) throughout the course of such services, then The SaaSy People is recognised as a “Controller” and our customer (you) is also recognised as a “Controller”.
How can The SaaSy People's customers ensure/maintain compliance with GDPR?
We encourage all of our customers to regularly review their privacy and data security processes and policies to ensure compliance.
Depending on which scenario you choose, us using your own existing system(s) or you using our in-house system(s), we can supply you with either a Data Processing Agreement (DPA) or a Controller to Controller Agreement.
Controllers bear the primary responsibility for ensuring that their processing of personal data is compliant with EU data protection law. Below are some key points to consider for GDPR compliance:
Geographical Application: The GDPR may apply to businesses that are established in the EU as well as certain businesses established outside the EU that are processing the personal data of EU citizens.
Rights of End-Users: Businesses should be cognizant of End-Users whose personal data they may be processing. The GDPR establishes enhanced rights for End-Users, and businesses must be able to accommodate those rights.
Data Breach Notifications: Businesses that are controllers of personal data should have clear processes in place in order to comply with the GDPR requirement to report data breaches in accordance with the time frames set out within the GDPR.
Appointment of a Data Protection Officer (DPO) and Representative within EU (Representative): Businesses may need to appoint DPOs and Representatives to manage issues relating to the processing of personal data.
Data Processing Agreement (DPA): If businesses use a third party to process personal data on their behalf, they need to have a DPA in place with the processor to comply with GDPR requirements. The SaaSy People’s DPA can be obtained by submitting a request to firstname.lastname@example.org.