Oktopost and GDPR

Background

The European Union's (EU) new data protection framework, the General Data Protection Regulation (GDPR), went into effect on May 25th, 2018. It is the most significant piece of data protection legislation to date. The GDPR impacts any organization that processes personal data in connection with goods or services offered to an EU resident or monitors the behavior of persons within the EU. The GDPR strengthens individual privacy rights by regulating the processing of personal data, significantly expanding personal data protection, and providing increased transparency into the nature, purpose, and use of personal data.

Our privacy and data protection policies comply with the GDPR standard, and we work with our customers, in their role as data controllers, to ensure that any questions are addressed.

Oktopost's Commitment to Data Protection and GDPR Compliance

As part of our effort to stay at the forefront of social media marketing, we understand that customer engagement plays a significant role in today’s marketing ecosystem, and we recognize the importance of putting privacy and data protection in the hands of the data subject.

As with other data protection laws, GDPR compliance requires commitment from both Oktopost and our customers. Oktopost has been compliant with the GDPR since before the regulation came into effect.

How Does The GDPR Apply to Oktopost And Our Customers?

Oktopost is a social media management platform that enables its customers to engage audiences, measure results, and amplify reach on social media. Because the content on social media is user-generated, it may at any time contain personal data of social media users. As a result, the GDPR applies differently to Oktopost and to its customers.

Similar to previous regulations, the GDPR differentiates between organizations that are "data controllers" and "data processors." According to the EU definitions, Oktopost is considered a data processor of content generated, requested, or published through our platform. Our customers are in control of how their data is collected, and are legally considered data controllers of the content found on our platform. More information about the data collected by our customers and us is located in our Privacy Policy.

Oktopost has a Data Processing Addendum (DPA) in light of the GDPR's Article 28 on data processors. This GDPR DPA is available for customers to sign, and can be obtained by emailing privacy@oktopost.com.

What Organizational And Technical Safeguards Does Oktopost Provide to Help its Customers Comply With The GDPR?

Oktopost maintains a high standard for security and compliance, which is described on our Security and Customer Data Protection page, and uses industry-leading organizational and technical measures to keep personal data secure. These include:

Where Does Oktopost Process and Store Data?

Oktopost processes and stores data on the Amazon Web Services ("AWS") servers that it licenses, which are located in the United States. AWS maintains that they are Privacy Shield certified and are GDPR compliant as well. See https://aws.amazon.com/compliance/eu-data-protection/ for additional information.