The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found at https://www.eugdpr.org.

At CacheFly, we have updated our Legal Information, including our Privacy Policy. The updates to these documents will go into effect on 25 May 2018 and will supersede previous versions of the documents where applicable.

Following, please find a brief overview of some key features and processes we have put in place to support GDPR compliance. This overview is not meant to be legal advice, it is not meant to assure your organization is in compliance with GDPR regulations, and it is not meant to serve as a checklist of comprehensive GDPR compliance. Rather, this brief overview helps illustrate our standard operating procedures around some key components of the GDPR regulation that we feel will be most applicable to our customers, partners, and prospects.

Lawfulness of Processing

Requirement: CacheFly will need to have a lawful reason to use your data. Lawfulness of Processing may be enacted via consent, via notice and/or via execution of a contract (e.g. becoming a customer or partner).Remedy: CacheFly has added the ability to track and audit the grant of Lawfulness of Processing within our CRM and Marketing platform. Effective 25 May 2018, all new records created will be in compliance with this requirement. If your record was created prior to 25 May 2018, we will make a best effort to provide you with this information.

Consent

Requirement: CacheFly shall be able to demonstrate that you have consented to the processing of your information for business communications.

Remedy: CacheFly has defined processes for the ability to respond to requests for consent verification. Effective 25 May 2018, all new records created will be in compliance with this requirement. If your record was created prior to 25 May 2018, we will make a best effort to provide you with this information

Withdrawal of Consent (Opt-Out)

Requirement: CacheFly shall be able to illustrate which communications you have provided consent to receive and provide the ability for this consent to be withdrawn upon your request.

Remedy: CacheFly has defined processes for the ability to Opt-Out of business communications in part or in total.

Rectification

Requirement: CacheFly shall be able to provide you with verification of any incomplete or inaccurate personal data upon request.

Remedy: CacheFly has defined processes for rectifying incomplete or inaccurate personal data, upon request.

Access & Portability

Requirement: CacheFly shall be able to provide you with the personal data you have provided to CacheFly in a structured, commonly used and machine-readable format.

Remedy: CacheFly has defined processes for providing individuals with the personal data they have provided to our company in a structured, commonly used and machine-readable format.

Right To Be Forgotten

Requirement: CacheFly shall be able to permanently delete all personal data the company has about you including, but not limited to, emails, call records, support ticket submissions, etc.

Remedy: CacheFly has defined processes for permanently deleting all personal data the company has about an individual including, but not limited to, emails, call records, support ticket submissions, etc. However, certain personal data may be retained if such data is required for execution of the contract between the individual, the individual’s company and CacheFly.

There are many more requirements within the GDPR legislation. As an EU citizen, should you or anyone in your organization have any questions, please contact us.