Appointy’s GDPR readiness

The General Data Protection Regulation (GDPR) is a new European privacy law due to become enforceable on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.

The GDPR applies to all organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.

Appointy compliance, operations, and security teams have been reviewing everything that Appointy already does to ensure it complies with the requirements of the new GDPR. We have established data protection team who would solely responsible for implementing and keeping a check on controls and procedures to ensure data security, integrity and compliance with all applicable data privacy and protection laws. We have also been working with customers around the world to answer their questions and help them prepare for after the GDPR becomes enforceable. We can confirm that Appointy GDPR ready.

In addition, we have a new Data Processing Agreement (GDPR DPA) that will meet the requirements of the GDPR. This GDPR DPA is available to all Appointy customers to help them prepare for May 2018. For additional information on the GDPR DPA, or to obtain a copy, please write to us at data-protection@appointy.com.

Appointy maintains a high bar for security and compliance across all of our operations. Security has always been our highest priority – truly "job zero." Our security provides the foundation for our recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001:2013, and Cyber Essentials (UK). Additionally, we host our services on the best-in-industry cloud services provider with more certifications than any other such provider. This provides customers with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use Appointy.

Yes, Appointy complies with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that Appointy already takes to maintain services security, customers can employ Appointy as a part of their GDPR compliance plans.

For those that have already implemented a high bar for compliance, security, and data privacy, the move to GDPR should be simple. For those who are yet to start their journey to GDPR compliance, we urge you to start reviewing your security, compliance, and data protection processes now to ensure a smooth transition in May 2018. Here are some of the key points that you should consider for GDPR compliance:

• Territorial Reach: Determining whether the GDPR applies to an organisation’s activities is essential to ensuring that organisation's ability to satisfy its compliance obligations. The GDPR applies to all organisations that are established in the EU. However, depending on your activities, the GDPR may also apply to you if you are established outside the EU.
• Data Subject Rights: The GDPR enhances the rights of data subjects in a number of ways. For example, data subjects have the right to object to the processing of their data and they have the right to data portability. You will need to make sure you can accommodate the rights of data subjects if you are processing their personal data.
• Data Breach Notifications: If you are a data controller, you will need to report data breaches to the data protection authorities without undue delay. Appointy will notify you without undue delay if we are aware of a breach of our security standards relating to the Appointy.
• Data Protection Officer (DPO): You may need to appoint a DPO who will need to manage data security and other issues relating to the processing of personal data.
• Data Protection Impact Assessment (DPIA): You may need to conduct, and in some circumstances you may be required to file with the supervisory authority, a DPIA for your processing activities. This will need to identify your data handling procedures and processes, as well as the controls in place to protect personal data.
• Data Processing Agreement (DPA): You may need a DPA that will meet the requirements of the GDPR particularly if personal data is transferred outside the EEA. Appointy offers customers a GDPR DPA that is available on request to help customers prepare for next May.

Yes. Appointy offers a GDPR-compliant Data Processing Agreement (DPA), enabling you to comply with GDPR contractual obligations. For more information on how customers can enter into the Appointy Data Processing Agreement, please write to us at data-protection@appointy.com.

You can contact us directly with all your queries regarding GDPR. You can write to us at contact@appointy.com.

Yes, we do. Like any other software services provider, we employ resources from different providers and vendors to develop and provide you a great service and customer support experience. Full-list our sub-processors can be found in our DPA.

Appointy gives utmost importance to Data Security and Privacy. We obtained our ISO 27001:2013 certification in 2017, and do regular internal and external audits of our security infrastructure and organisational controls. We use the most secure data centers, with the most security certifications and SOC reports. Our systems were designed to automate scans that regularly check for security vulnerabilities and make us aware of issues that would require additional review by a member of our security team. As a result, Appointy has a firm security foundation.

All the information and data that you store and generate from Appointy is already encrypted at all times. All data processed by us is encrypted at rest and in transit.

Appointy allow for the deletion of content by customers on demand, using delete feature and various spots in Appointy. You can also submit your data deletion request to us, and we would help out. You can submit your requests to contact@appointy.com.

There are numerous resources to give you more information about the GDPR. We recommend visiting the GDPR’s official website, the European Data Protection Supervisor, or the Data Protection Commissioner. Additionally, you can read the full GDPR legislation here.