We welcome GDPR as an opportunity to reaffirm our commitment to data protection and privacy rights.
Airship is committed to meeting the standards that our customers have come to expect from us. That means not just providing amazing products that scale to sending billions of notifications each day, but also ensuring that the Airship platform supports your compliance needs, including the EU General Data Protection Regulation (GDPR). Airship welcomes the GDPR as an opportunity to prove our commitment to data protection and privacy rights.
What is the General Data Protection Regulation (GDPR)?
The GDPR is a comprehensive data protection law that regulates the processing of personal data of individuals in the European Union (EU). This new law takes effect on May 25, 2018. GDPR aims to protect the privacy of EU individuals through tighter limits on personal data processing, increased transparency into the nature, purpose and use of personal data, and expansion of each individual’s rights over their data. The GDPR presents an opportunity for your business to strengthen its brand loyalty by building trust through responsible use of personal data.
How We’re Addressing GDPR
Privacy by Design
We have a core team comprised of senior members of the Engineering, Operations, Security, Product Development and Legal teams that meet regularly to proactively apply the Privacy by Design and Data Protection by Default principles to our product enhancement, development and operations. These data privacy standards, controls and features are available to all Airship customers and not just to customers processing EU personal data. This means that as other countries implement GDPR-inspired privacy regulations, you will be well positioned for future privacy compliance efforts in other parts of the world.
Product Level Enhancements
To help our customers comply with the GDPR, we’ve made and continue to make enhancements to the Airship platform to provide controls and features, including APIs and opt-out features, that help customers respond to data subject requests. These product level controls and features are described in Airship’s documentation. Additionally, we have implemented a data retention schedule for the Airship platform so that personal data isn’t retained any longer than necessary. We continue to listen to our customers and explore ways to simplify and further automate our product and service offerings to better support you in your GDPR-compliance.
We’ve implemented a set of security processes and controls to help protect the your data entrusted to us through your use of the Airship platform, which processes and controls are audited annually by an independent third party against the SSAE-18 SOC 2 standards. We provide you with information about these security processes and controls in our Security Measures document.
Privacy Shield and DPA
Airship is certified compliance with the EU-US Privacy Shield Framework and the EU-Swiss Privacy Shield Framework. Our updated Privacy Statement and updated Data Processing Addendum incorporates the Privacy Shield certification information to assist you with your GDPR compliance.
Third Party Vendor Review
To ensure that your data is protected to the subprocessor level, we have put GDPR-compliant terms in place with subprocessors for the Airship platform.
FAQ About GDPR & Airship
We also understand that data privacy and compliance with the GDPR is a shared responsibility between Airship and you, as our customer. To support your GDPR compliance, we have outlined the most common questions asked about the GDPR and your use of the Airship platform in the Airship GDPR FAQ as an additional resource.