What is the GDPR?
The General Data Protection Regulation is a European Directive that is coming into force on May 25th 2018.
The regulation will be in force in all twenty eight countries within the European Union. Companies not based in the EU, who handle data relating to EU individuals will have to conform.
It replaces the Data Protection Act and in doing so extends the scope of the Act. The penalties under the GDPR are greater than those enforceable under the Data Protection Act.
Email Hippo is a UK based company. The UK government has confirmed that Brexit will not prevent the UK from being required to conform to this Directive. Regardless of the finer detail of any Brexit negotiation, Email Hippo will still conform to GDPR as it will be processing data about individuals of EU member states. It is possible that companies in the UK who deal solely with data relating to UK citizens will be required to conform to an alternate, comparable law post-Brexit.
Why does GDPR matter to Email Hippo customers?
Email Hippo customers upload lists of email addresses for bulk validation, or use the Email Hippo API to check email addresses on an individual basis.
It is understandable that customers want to be assured that data provided to Email Hippo is handled in a safe, secure environment and that Email Hippo will not store, copy or share the data.
Email Hippo customers will have their own uses for data and their own methods of collecting, storing and using data. The GDPR will impact all companies either based in the EU, or using or selling data about citizens of the EU to identify or contact EU individuals. This document outlines the relationship between Email Hippo and its customers in relation to the ISO 27001 and the GDPR. If you need information about your specific implications for the GDPR relating to your company, please read here.
Email Hippo and ISO 27001
Email Hippo systems are ISO 27001 accredited. The ISO 27001 quality standard is an international best practise standard that applies to information security management and encompasses the people, processes and technology of Email Hippo.
Email Hippo adheres to the ISO 27001 framework and manages data in a way that minimises risk and maximises reporting efficiency.
The GDPR asserts that the Controller and Processor must ‘implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.’ In addition, GDPR Article 42 encourages companies to establish data protection certification mechanisms.
GDPR Article 43 mentions ISO/IEC (International Organization for Standardization) as being a named national accreditation body. The ISO is an independent non-governmental international organization, based in Switzerland. It has a membership of 162 national standards bodies around the world. The British Assessment Bureau is accredited by the UK government accreditation service (UKAS). UKAS is the sole accreditation body for ISO in the UK. The British Assessment Bureau certified the Email Hippo ISO 27001 system.
Email Hippo gained the ISO/IEC 27001 Information Security Management standard via the British Standards Institute (BSI). The BSI is the UK member of the ISO/IEC.
Email Hippo customers should be assured that Email Hippo information management systems are robust, relevant and fit for purpose in relation to conforming to GDPR.
Update: February 2019. Email Hippo Information Security Management Systems have received renewed accreditation for the ISO27001:2017 quality standard. The reach of the accreditation has been extended to include cloud based email validation and confirmation of data accuracy services.