GDPR – What IronBox is doing about it

May 25, 2018
Kevin Lam

IronBox has always taken the security and privacy of customer data very serious, and has consistently demonstrated this by exceeding industry standards. From day one, IronBox has taken the approach of only storing (and protecting) what is necessary for the functioning of our products and nothing more. Even with that privacy and security-first culture baked in, IronBox is taking the General Data Protection Regulation (GDPR) very serious and have taken steps to help ensure compliance.

What is personal data?

Personal data can be defined as anything that can be used by itself or with other pieces of data to help identify an individual. Some examples include financial information, address information, sexual orientation, ethnicity and medical records.

What personal data does IronBox collect?

Here’s the information that we collect from our users and its use. IronBox does not market, or resell, any of its user data. Never has and never will.

  • Email address: Required to use the service
  • Name and address (optional): Used for customization of the service
  • Mobile number (optional): Used to implement multi-factor authentication for better account protection
  • IP address: Used for account protection whitelists and web analytics

What is GDPR?

GDPR is a EU data protection and privacy law that gives users under the EU more control over their personal data that becomes enforceable today (May 25th, 2018). The GDPR applies to any globally operating company and just EU-based businesses or users.

How is IronBox preparing for GDPR?

IronBox has done or will be doing a number of things to help ensure compliance with GDPR, they include, but not limited to:

  • Assessing our IronBox service against the GDPR requirements and are implementing or have implemented features to give our users more control over their data.
  • Conducting a Data Protection Impact Assessment (DPIA) of the IronBox service and will be implementing improvements
  • Putting together a personal data inventory that includes any roles that IronBox plays with respect to GDPR (such as data controller, processor, etc.)
  • Revising privacy policies to incorporate new requirements (this will go live shortly)
  • Cleaning up our database and mailing lists to ensure that we have only the latest and most accurate information. This cleanup primarily includes removing emails and any associate information for terminated and dormant accounts
  • Setting up an additional channel (outside the UI where users already have full control) whereby any user can require to access, transfer, rectify or erase their personal data

If you have any questions or comments, please feel free to contact us at any time.