The GDPR is on its way, and PowerAddon is here to help.
On May 25, 2018, a new reference privacy law called the General Data Protection Regulation (GDPR) will take effect in the European Union (EU). The GDPR expands the privacy rights granted to individuals in the EU and puts many new obligations on organizations that market, track, or manage EU personal data, regardless of where the organization is located. PowerAddon is here to help you in your efforts to be compliant with the GDPR through our platform that has already been modeled according to the GDPR standards.

Here are answers to some of the most common questions about the GDPR, which will help you understand the new regulation.

What is the GDPR?
A new global data protection law in the EU that updates the existing laws of individual countries to strengthen the protection of personal data in response to rapid technological developments, greater globalization, and international flows of increasingly complex personal data. It replaces the mosaic of national data protection laws currently in force with a single set of rules, directly enforceable in each EU Member State.

What does the GDPR regulate?
The GDPR regulates the “processing” of such data; this processing includes the collection, storage, transfer, or use of personal data on individuals in the EU. Any organization that processes the personal data of individuals in the EU, including monitoring their online activities, falls within the scope of the law, regardless of whether the organization has a physical presence in the EU. The GDPR greatly expands the concept of “personal data” to cover all information relating to an identified or identifiable individual (also called a “data subject”).

How does the privacy law change with the introduction of the GDPR?
The GDPR provides individuals in the EU with more privacy rights and places significant obligations on organizations. Some of the main changes are:

Extended rights for EU individuals: the GDPR provides extended rights for EU individuals including the omission, limitation, and portability of personal data.
Compliance obligations: GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, maintain detailed records on data activities, and stipulate written agreements with suppliers.
Data breach notification and security: the GDPR requires organizations to report certain data breaches to data protection authorities and, under certain circumstances, to data subjects. The GDPR also establishes increased security requirements for organizations that must process personal data.
New profiling and monitoring requirements: the GDPR poses additional obligations for organizations which are engaged in profiling or monitoring the behavior of individuals in the EU.
Binding Corporate Rules (BCRs): the GDPR officially recognizes BCRs as a means for organizations to legalize transfers of personal data outside the EU.
Implementation: under the GDPR, authorities can fine organizations up to a maximum of € 20 million or 4% of the company’s total annual income, based on the severity of the violation and damages incurred.
One-stop-shop: the GDPR provides a central point of implementation for organizations operating across multiple EU territories, requiring companies to work with a supervisory authority on data protection issues.

Does the GDPR require that the personal data of EU citizens be processed only in data centers in the EU?
No, the GDPR does not require that the personal data of EU citizens is processed only in data centers located in the EU, nor does it impose new restrictions on transfers of personal data outside the EU. Of course, our Datacenter is already located in Europe, making it so our customers don’t have to worry about this issue.

We are committed to guaranteeing our customers evermore technological platforms which are safe and compliant with the levels required not only by the GDPR, but also by this ever-changing world

Fulvio Giaccari CEO PowerAddon

What is PowerAddon doing to adapt to the GDPR?
Considering how SB Soft is already ISO 27001/2013 certified, it has already followed all the GDPR rules for the management and processing of data for many years now. Furthermore, the data processed by the PowerAddon servers is cleaned of all “sensitive” information, such as customers’ email addresses.
Our systems only use the email addresses to send newsletters, and then delete this data by only tracing the customer through the campaign’s GUID and the contact, account, or lead’s GUID present within Dynamics 365.
This method provides our customers with the guarantee that no sensitive data can remain within our servers (Name, Last Name, Email, etc.).

“Trust” is our # 1 value at PowerAddon, and nothing is more important than our customers’ success and our customers’ data protection. PowerAddon’s robust security and privacy program meets the highest industry standards. Our actions demonstrate how we have continuously strengthened our commitment to protecting our customers over the past few years:

  • In 2015 PowerAddon – SB Soft obtained ISO 27001/2013 certification to guarantee its customers certified processes to rigorously protect company and customer data according to the highest quality standards. These standards not only cover the processes related to our Datacenter, but also cover the applications we develop
    In 2016 PowerAddon was completely rewritten, adding a series of security checks that make the platform ready for GDPR today, such as multi-factor authentication using oauth2 protocol interfaced with Azure and Microsoft Offfice 365. More info
  • In 2017 PowerAddon released a MultiTenant platform so that it could move its customers’ tenants anywhere in the world, thereby offering its customers the opportunity to locate data in any Datacenter they request.