Oktopost and GDPR
The European Union's (EU) data protection framework, the General Data Protection Regulation (GDPR), went into effect on May 25th, 2018. It is the most significant piece of data protection legislation to date. The GDPR impacts any organization that processes personal data in connection with goods or services offered to an EU resident or monitors the behavior of persons within the EU. The GDPR strengthens individual privacy rights by regulating the processing of personal data, significantly expanding personal data protection, and providing increased transparency into the nature, purpose, and use of personal data.
Our privacy and data protection policies comply with the GDPR standard, and we work with our customers in their role as data controllers, to ensure that any questions are addressed.
Oktopost's Commitment to Data Protection and GDPR Compliance
As part of our effort to stay at the forefront of social media marketing, we understand that customer engagement plays a significant role in today’s marketing ecosystem and the importance of putting privacy and data protection in the hands of the data subject.
As with other data protection laws, GDPR compliance requires commitment from both Oktopost and our customers. We are invested in our customers' success and the protection of data and are putting efforts into assisting Oktopost customers to comply with GDPR, where applicable.
How Does The GDPR Apply to Oktopost And Our Customers?
Oktopost is a social media management platform that enables its customers to engage audiences, measure results, and amplify reach on social media. Because the content on social media is user-generated, it may at any time contain personal data of social media users. As a result, the GDPR applies differently to both Oktopost and its customers.
Similar to previous regulations, the GDPR differentiated between organizations that are "data controllers" and "data processors." According to the EU definitions, Oktopost is considered a data processor of content generated, requested, or published through our platform. Our customers are in control of how their data is collected, and are legally considered data controllers of the content found on our platform. More information about the data collected by us is located in our Privacy Policy.
In order to maintain constant compliance with GDPR requirements, Oktopost has a Data Processing Addendum (DPA), made to ensure that Oktopost (as data processor) and its customers (as data controllers) are following GDPR guidelines and obligations.
What Organizational And Technical Safeguards Does Oktopost Provide to Help its Customers Comply With The GDPR?
Oktopost maintains a high standard for security and compliance using industry-leading organizational and technical measures to keep personal data secure. These include, among others:
- Administrative Controls
- Access Controls
- Encryption of Data
- Strict Security Measures
In addition to the abovementioned measures and the GDPR compliance requirements, Oktopost also participates in the EU-US Data Privacy Framework, and its applicable extensions, to ensure compliance and protection of any collection, use, and retention of personal information originating from the European Economic Area member countries, Switzerland and the United Kingdom. For more information about the Data Privacy Framework, and to view Oktopost’s registration information, please visit: https://www.dataprivacyframework.gov/s/.
Visit the Oktopost Security and Customer Data Protection page to learn more about our approach to security and measures in place.
Where Does Oktopost Process and Store Data
Oktopost processes and stores data on the Amazon Web Services ("AWS") servers that it licenses, located in the United States (AWS us-east-1) and Europe (AWS eu-central-1), and operates in compliance with the GDPR requirements. See https://aws.amazon.com/compliance/eu-data-protection/ for additional information.