1

GDPR Compliance with Regie.ai

Katie Bonadies

Last Update منذ ٢٠ يومًا

1. Introduction
The General Data Protection Regulation (GDPR) sets a high standard for data privacy and protection, impacting how businesses worldwide handle personal data. For companies using marketing and sales automation tools, GDPR compliance is not optional but a critical requirement. This resource outlines how Regie.ai supports its customers in maintaining GDPR compliance while leveraging its platform for sales and marketing activities.
Role Differentiation: Data Controllers and Data Processors

Under GDPR, there is a clear distinction between data controllers and data processors. A data controller is the entity that determines the purposes and means of processing personal data. In contrast, a data processor processes data on behalf of the controller. Regie.ai operates as a data processor, while its customers act as data controllers.


Responsibilities of Data Controllers:

  • Obtaining lawful consent from data subjects

  • Defining the purposes and legal bases for data processing

  • Upholding the rights of data subjects, including the right to access, rectify, and erase personal data


Responsibilities of Data Processors (Regie.ai):

  • Acting strictly on the documented instructions of the data controller

  • Implementing appropriate technical and organizational measures to ensure data security

  • Assisting the data controller in responding to data subject rights requests and maintaining records of processing activities


For more detailed information on the roles and responsibilities under GDPR, we recommend consulting the official GDPR resource.

2. Regie.ai as a Data Processor

As a data processor, Regie.ai operates under the instructions of its customers—the data controllers. This means Regie.ai is tasked with handling personal data in a manner that complies with GDPR requirements while ensuring that it adheres to the specific instructions and policies set forth by its customers.

Responsibilities of Regie.ai as a Data Processor

Regie.ai's primary responsibility is to follow the controller's instructions regarding data processing activities. This includes implementing appropriate technical and organizational measures to ensure data security, assisting with data subject rights requests, maintaining records of processing activities, and ensuring transparent sub-processing practices.

3. How Regie.ai Supports GDPR Compliance
3.1 Acting Within the Instructions of the Data Controller

Regie.ai empowers customers to customize their data processing activities, from list setups to geographic targeting and audience expansion. Customers maintain control over the data they process using Regie.ai, ensuring that they adhere to their own GDPR compliance policies. For instance, customers can specify which geographic regions to target or avoid, manage opt-in consent, and determine the content of communications. Regie.ai ensures it operates strictly within these guidelines, allowing customers to remain compliant.

3.2 Technical and Procedural Security Measures

Data security is paramount under GDPR. Regie.ai employs stringent technical and procedural security measures to protect customer data. The platform complies with several industry-recognized security standards, including SOC 2 and AppExchange security certifications. In addition, Regie.ai has earned GDPR compliance certifications that validate its commitment to data security. These certifications, alongside regular security audits, demonstrate that Regie.ai has implemented robust measures to safeguard personal data against unauthorized access, loss, or breaches.

3.3 Fixed and Communicated Sub-Processor List

Regie.ai maintains a fixed and transparent list of sub-processors involved in data processing activities. This list is regularly updated and communicated to customers. Any changes to this list, such as the addition of a new sub-processor, are communicated to customers in advance, allowing them to review and approve or reject the new sub-processor. The list is available upon request. This transparency ensures that customers are fully informed about how and where their data is processed, maintaining compliance with GDPR's requirements for data processors.

3.4 Maintaining a Record of Processing

Regie.ai maintains detailed records of processing activities to support its customers in their compliance efforts. This includes tracking all actions taken on personal data, such as importing data, sending emails, making calls, and managing sequences. These records are readily available to customers, allowing them to demonstrate compliance with GDPR's record-keeping requirements. For example, Regie.ai logs every interaction it has with a customer’s sales leads, providing a comprehensive history of how personal data has been processed within the platform.

3.5 Data Breach Notification

In the unlikely event of a data breach, GDPR requires data processors to notify the data controller within 30 days. Regie.ai is committed to this requirement and has established procedures to ensure prompt notification. This allows the data controller to take necessary steps to mitigate any potential impact on data subjects and fulfill their legal obligations to inform regulatory authorities and affected individuals.

3.6 Assisting with Data Subject Rights Requests

GDPR grants data subjects specific rights, including the right to access, rectify, and erase their personal data. Regie.ai assists its customers in fulfilling these requests efficiently. For instance, data subjects can request to access, change, or delete their data by contacting [email protected]. Regie.ai will ensure that the requested data is updated or deleted within 30 days, in compliance with GDPR.

3.7 Return or Delete Data Upon Contract Termination

Upon contract termination, Regie.ai ensures that all personal data is either returned to the customer or securely deleted within 30 days. The platform offers a process for securely archiving and purging data to ensure it is no longer accessible or recoverable. During this period, the data is rendered inaccessible to ensure it cannot be used for further processing, in line with GDPR requirements.

4. Additional Considerations

While this resource focuses on GDPR, Regie.ai also acknowledges the importance of other data protection laws, such as the California Consumer Privacy Act (CCPA). Furthermore, upcoming regulations, like the AI Act, are on Regie.ai's radar. As a low-risk provider under the AI Act, Regie.ai is already preparing to ensure continued compliance as the regulatory landscape evolves.

5. Conclusion

Regie.ai is dedicated to supporting its customers in their GDPR compliance efforts by acting as a responsible data processor. Through robust security measures, transparent data processing practices, and a commitment to assisting with data subject rights requests, Regie.ai provides a platform that prioritizes data privacy and security. By leveraging Regie.ai, customers can confidently maintain compliance with GDPR, ensuring that personal data is handled with the utmost care and in accordance with legal requirements.

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us