Registration with the Information Commissioner's Office
Email Hippo is registered with the Information Commissioner's Office, our reference is ZA309925. Registration with the Information Commissoner's Office (ICO) is a requirement under the Data Protection Act 1998 for all organisations that process personal data. For more information about the ICO read here. Our registration certificate can be viewed here.
Do you have questions regarding compliance?
If you have any queries about data security or compliance contact our Data Protection Officer: [email protected]
Email Hippo, ISO 27001 and the General Data Protection Regulation
The graphic below shows the relationship between the General Data Protection Regulation and ISO 27001. It's followed by an article that gives more detail about GDPR and ISO 27001.
What is the GDPR?
The General Data Protection Regulation is a European Directive that is coming into force on May 25th 2018.
The regulation will be in force in all twenty eight countries within the European Union. Companies not based in the EU, who handle data relating to EU individuals will have to conform.
It replaces the Data Protection Act and in doing so extends the scope of the Act. The penalties under the GDPR are greater than those enforceable under the Data Protection Act.
Email Hippo is a UK based company. The UK government has confirmed that Brexit will not prevent the UK from being required to conform to this Directive. Regardless of the finer detail of any Brexit negotiation, Email Hippo will still conform to GDPR as it will be processing data about individuals of EU member states. It is possible that companies in the UK who deal solely with data relating to UK citizens will be required to conform to an alternate, comparable law post-Brexit.
Why does GDPR matter to Email Hippo customers?
Email Hippo customers upload lists of email addresses for bulk validation, or use the Email Hippo API to check email addresses on an individual basis.
It is understandable that customers want to be assured that data provided to Email Hippo is handled in a safe, secure environment and that Email Hippo will not store, copy or share the data.
Email Hippo customers will have their own uses for data and their own methods of collecting, storing and using data. The GDPR will impact all companies either based in the EU, or using or selling data about citizens of the EU to identify or contact EU individuals. This document outlines the relationship between Email Hippo and its customers in relation to the ISO 27001 and the GDPR. If you need information about your specific implications for the GDPR relating to your company, please read here.
Email Hippo and ISO 27001
Email Hippo systems are ISO 27001 accredited. The ISO 27001 quality standard is an international best practise standard that applies to information security management and encompasses the people, processes and technology of Email Hippo.
Email Hippo adheres to the ISO 27001 framework and manages data in a way that minimises risk and maximises reporting efficiency.
The GDPR asserts that the Controller and Processor must ‘implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.’ In addition, GDPR Article 42 encourages companies to establish data protection certification mechanisms.
GDPR Article 43 mentions ISO/IEC (International Organization for Standardization) as being a named national accreditation body. The ISO is an independent non-governmental international organization, based in Switzerland. It has a membership of 162 national standards bodies around the world. The British Assessment Bureau is accredited by the UK government accreditation service (UKAS). UKAS is the sole accreditation body for ISO in the UK. The British Assessment Bureau certified the Email Hippo ISO 27001 system.
Email Hippo gained the ISO/IEC 27001 Information Security Management standard via the British Standards Institute (BSI). The BSI is the UK member of the ISO/IEC.
Email Hippo customers should be assured that Email Hippo information management systems are robust, relevant and fit for purpose in relation to conforming to GDPR.