The purpose of the General Data Protection Regulation (GDPR) is to strengthen and harmonize the rights of registered citizens, as well as to protect the free exchange of personal data in the EU. The regulation basically imposes higher requirements on organizations processing personal data (organizations responsible for data, data controllers, as well as data processors), whereas registered persons whose personal data is handled will benefit from extended rights.
At Xink we process employee data on behalf of companies when they manage their email signatures in our platform. All our data is stored in secure ISO 27001 certified environments, and data never leaves the location in which it is stored. We are fully GDPR compliant.
An essential part of the General Data Protection Regulation is the processing of information about persons, which is defined as any type of information about an identifiable person. The term “personal data” is very broad and can relate to everything from a person’s name, gender, address and phone number to income, illnesses, employment and education.
Data in an email signature is rarely sensitive data. It is data that anyone can get hold of without much hassle, and there is nothing sensitive even in a mobile phone number. However, Xink processes all data as if it were personal data, and therefore we offer the best possible security when processing data.
As Xink very often processes data, we are aware of the requirements for the processing of other companies’ personal data. Therefore we have prepared a Data Processing Agreement (DPA) for our customers in order to meet the high requirements of the GDPR. This applies to the processing of data in order to continue to be able to serve our clients with the best possible data protection.
In each Xink account we have added a “DPA” menu under “subscription”. Here you can read and approve the DPA. Simply go to “subscription” and then you can approve the document.
The GDPR also stipulates significant requirements for the data processor’s implementation of security measures related to the storage of personal data. The data processor must secure its data from attacks. The data must also be secured against accidental destruction, by establishing digital and physical measures to protect the integrity of the stored data. Examples include encryption and pseudonymization of data files, physical locking and fireproofing of server facilities, and ensuring a proper policy for the transfer of data. Xink already meets these requirements, as all data is hosted in Microsoft Azure’s ISO 27001 certified data centers in the US and in the EU. As such, we can make sure that data never leaves the EU (until the client sends data in a signature in an email).
Xink works proactively and continuously to secure the best possible protection of our users’ personal data. We do so by keeping up to date on developments in personal data rights and on how to ensure safe storage and processing of user information.
Your company’s data is completely safe with Xink.
If you want to read more about Xink and our work to stay GDPR compliant, then head over to this GDPR blog post that explains in further detail what the GDPR entails.