Pusher will be compliant with General Data Protection Regulation (“GDPR”) by the time it comes into force on 25 May 2018. At Pusher, we have a deep respect for data. We have always had a strong commitment to privacy, security, and transparency - both towards our customers, as well as towards our own employees. This translates into an already well-considered and sensible attitude in our approach to data.
We like what the GDPR is seeking to achieve. We are proud of our existing attitude towards data, because it means that we only need to make a few tweaks here and there to ensure we are compliant with the GDPR. On this page is an overview of what we are doing to be GDPR compliant, and what it will mean for you as a Pusher customer.
Will Pusher be compliant with the GDPR by 25 May 2018?
Yes. Pusher will be compliant on or before 25 May 2018, the date the GDPR comes into force in the UK.
Will our customers be able to use Pusher products and services without risking a breach of the GDPR?
Yes. Pusher will be GDPR compliant by 25 May 2018. Customers to whom the GDPR applies will of course need to make sure their business is compliant with the GDPR in its own right. If it is, the customer will not risk a breach of the GDPR by using Pusher products and services.
How has Pusher been preparing for the GDPR?
Here are some highlights of the work we’ve been doing to get ready for the GDPR:
Privacy by design: We are always reviewing the way we design, build and implement updates and new products and services to ensure data privacy remains a core part of our decision-making processes at every level.
Data security: We are reviewing our internal data practices and policies to ensure our approach to data is compliant, consistent and clear across Pusher.
Working with Customers: We are working with our customers to answer their questions and adjust or supplement our agreements to ensure customers can use Pusher in compliance with GDPR.
Data portability: Our data promise has always been the same - You own your data, not us. We are making changes to improve the portability of our customers’ data. Data processing: To be able to fulfill our commitments to customers as a data processor, we are carrying out work to ensure our terms and conditions contain provisions that are appropriate to the data we store, and balance the risks and responsibilities between us and our customers fairly.
Do these changes affect Pusher customers in any way?
Yes. We will be updating our legal terms available on https://pusher.com/legal/ to bring them into compliance with the GDPR and those changes will apply to Pusher customers.
Pusher customers will be notified when the legal terms have been updated. We recommend Pusher customers read the updated terms because using Pusher products and services after the updated terms have gone live will be treated as acceptance of those terms.
Will this work impact Pusher customers’ current (or planned) integration in any way?
No. As long as our customers are happy to agree to the Pusher online terms and conditions (including updates we will be making for GDPR compliance purposes), there will not be any impact on customers’ current or planned integrations.
What is the GDPR?
The General Data Protection Regulation is a new European data regulation which will replace the current EU Data Protection Directive. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. It is designed to give organisations a consistent framework on how personal data can be collected, processed, used, and shared across EU member states The GDPR provides individuals with more control over how their personal data can be processed.
The GDPR is European Union law. What happens after Brexit?
Pusher is committed to complying with the requirements of the GDPR long-term, regardless of Brexit. The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. That means that a company outside the EU that processes personal data about EU individuals will have to comply with GDPR as well. For example, a US based company that processes personal data of individuals in France will need to comply with the GDPR.
Our customers are situated all over the world, including in the EU. Additionally, personal data of our customers’ end-users passes through our data centres, one of which is situated in the EU. This means we process personal data belonging to EU individuals, so it doesn’t matter whether we are based in an EU member state or not - the GDPR will apply to us regardless.
So not only will the GDPR will be brought into UK law under the new Data Protection Bill, designed to ensure data protection measures are maintained after the implementation of Brexit, the GDPR itself will continue to apply to Pusher as well.