Data protection & security
GDPR and ExpertSender
The General Data Protection Regulation (GDPR) is a European privacy law that is effective as of May 25, 2018. GDPR regulates how individuals and organizations may collect, use, and retain personal data, which affects how our customers make use of the ExpertSender platform.
Who does GDPR apply to?
The GDPR applies to ALL organizations that collect and process personal data of individuals residing within the EU, regardless of the company’s physical location. This means that if you have customers from the EU, but your business is not located within the EU itself, you’ll still need to adhere to the new regulations. You can read a more in-depth overview on how GDPR applies to you here.
ISO 27001 and ExpertSender
ExpertSender chose to become ISO 27001 certified to ensure our organization was prepared to manage the risks involved with keeping information assets (including customer data) managed by our organization secure. Giving our customers the confidence that we as an organization are employing international standards in actively managing business data and information security.
What is ISO 27001?
ISO 27001/IEC 27001 is a set of standards that help organizations keep their information assets secure (this includes both information systems and internal business processes). These international standards describe the requirements for an information management system that brings information security under management control and gives a set of specific requirements that allows organizations to do just that.
ISO/IEC 27001 certification demonstrates that an organization has defined and put in place best-practice information security processes.
Organizations are required to account for:
- The systematic examination of the organization’s information security risks, taking into account the threats, vulnerabilities, and potential impact;
- The design and implementation of a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (e.g. risk avoidance or risk transfer) to address risks that are deemed unacceptable;
- The adoption of an overarching management process that ensures the information security controls continue to meet the organization’s information security needs on an ongoing basis.
What ISO 27001 means for our customers?
By making use of ExpertSender’s services you are working with an organization that:
- Protects itself against cyber-attacks and takes the necessary steps to protect your itself.
- Has implemented adequate and proportionate security controls that help to protect information and send marketing campaigns that are in line with regulatory requirements such as GDPR.
- Undertakes regular reviews and internal audits of the ISMS to ensure its continual improvement.