The smsmode© blog ©
smsmode and GDPR: The security of your data
What guarantees for you?
The security of our applications and of our customers' personal data is at the heart of our concerns. The implementation of the European Regulation, better known as the General Regulation on Data Protection (GDPR) is of strategic importance for smsmode.
To help us comply with the GDPR, the law firm PINT AVOCATS, dedicated to intellectual property, industrial property, new technologies and life sciences, is supporting us in our approach. At smsmode, the need to be accompanied by legal professionals in the treatment of your personal data quickly appeared as an evidence.
Commitments smsmode
We are already implementing corrective measures to comply with current legislation as quickly as possible. The aim of these actions is to ensure the security of your personal data through, for example, the revision of all our data retention periods, the encryption of data or their anonymization in order to avoid any disclosure of the information you have entrusted to us.
Running for the GDPR !
Our automated SMS solutions are used in various sectors such as banking or the medical field. These sectors gather a great number of personal data considered as sensitive data which must be protected, treated in all confidentiality. It is for that reason that smsmode has for objective the maximum application of the recommendations of the GDPR, in order to ensure the respect of the obligations which result from it as soon as possible.
Interpreting legislation
In this compliance process, we want to guarantee you optimal security with better commitments. That is why we have already appointed our correspondent, a qualified person (Correspondant Informatique & Libertés) who will become our DPO (Data Protection Officer) as of 25 May 2018. The DPO is a person external to our company whose mission is to take care of compliance and the establishment of all processes and verification of our applications to achieve the objective of maximum data security.
Revised contracts and general terms of use
A review of customer contracts and our terms and conditions of use is made necessary to bring them into compliance with the new regulations.
FOR YOU, WHAT IS CHANGING...
Contractual clauses protecting your interests and the confidentiality of your data will be added to contracts. A specific communication will be sent to our clients on this subject.
Security of treatments and personal data
In order to provide the best possible security for personal data, smsmode will apply a policy of reducing the amount of user data stored on our platform.
YOUR GUARANTEES...
- In terms of encryption: Currently, we already encrypt all stored data related to the user contact and the text of the SMS messages sent.
- In terms of data storage reduction policy: following the analysis of the processing operations, a policy of reducing the amount of personal data stored will be put in place to collect the minimum amount of customer information and to keep it for the time strictly necessary.
- In terms of user data: access to customer data will be limited to smsmode employees and protected by encryption.
Mapped client data processing
The GDPR obliges the listing of the treatments carried out on the personal data. With regard to the use of our services, we perform 3 major types of treatments on behalf of our customers:
- Sending SMS to users,
- The collection of the reports of receipt of these texts,
- Detailed billing and provision of detailed SMS statistics following the categories of SMS sent.
YOUR GUARANTEES...
We keep a register of the processing carried out for our clients in our capacity as a subcontractor in accordance with the GDPR .
A security audit
Safety tests are regularly carried out in real condition.
Physical security audit :
- Attempted intrusion of the company
- Attempting to obtain information from employees smsmode
Virtual security audit :
- Hacking attempt (white hacker)
- Recommendations for improvements in our systems
YOUR GUARANTEES...
A continuous security control is thus ensured on the services we offer.
Reminder: What is the GDPR?
The General data protection Regulation (GDPR) is the new law on the protection of personal data. In a world where data becomes the Internet gold, it was time to legislate on its protection and thus to pass cybersecurity on the front of the stage. The term "personal data" is defined according to the CNIL as: "any information that directly or indirectly identifies a natural person (e.g. name, registration, telephone number, photograph, date of birth, commune of residence, fingerprint...). »
This new regulation will enter into force from 25 may 2018. as of this date, your personal data, so-called sensitive, as far as we are concerned, may be an IP address, a password...... Must be the subject of special collection, exploitation and conservation. This means, as a service provider, that all the data we collect in our information systems is subject to legal obligations.
The main GDPR changes concern:
- The evolution of the term "personal data" which now determines any information that identifies a natural or legal person.
- Strengthening individual rights to consent and access to data
- The responsibility of all providers and subcontractors who can be designated as responsible and be judged at the same price as the partner company.
- Imperative information to users of the purpose and use that will be made of their collected data as well as their rights of modification or deletion (right to oblivion).
- An easy unsubscribe of users and a definitive deletion of their data.
- The implementation of preventive measures of the security of processing of data protections.
- Information of people of any data leakage.
Our team advises you...
Interested in setting up the SMS? Our sales and technical teams are at your disposal to answer all your questions about our SMS solutions and to take advantage of the advice of setting up SMS campaign.