We’re excited to announce that we comply with the soon-to-be-enforced European General Data Protection Regulation (GDPR).
So, why are we sharing this with you?
If you provide software that engages European users, the GDPR regulations will require that you keep your European customers’ data protected, per the standards set in GDPR. Even if you don’t have an office or other presence in Europe, this still applies.
The GDPR will apply in all EU member states starting May 25, 2018. It was formalized on May 25, 2016, after all parts of the EU agreed to the final text. But the law will apply to all businesses and organizations on May 25, 2018.
All companies that transfer personal data with EU residents will need to comply with the GDPR. The regulations outline “Controllers” and “processors” of data. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they're dealing with personal data belonging to EU residents.
PubNub has put in place processes and procedures to comply with the various provisions of GDPR – data protection addendum, data deletion, data retention, and Pseudonymation/ anonymization. In addition, PubNub has appointed a Data Protection Officer and Article 27 representative, and has incorporated GDPR principles in our product development planning. And we will work with our customers to complete a Data Protection Impact Assessment policy.
To ensure you are GDPR compliant, use PubNub for your real-time applications, and also take these additional steps:
- Create a Data Map: Document the personal data you hold, where it came from, who you share it with and what you do with it.
- Enable Withdrawal of Consent: Users must be able to withdraw consent from companies processing their personal data.
Note that more regulations are still forthcoming. See more compliance details here.
