
The last few weeks have been filled with news about data protection. Between the invalidation of the Privacy Shield and the controversy over TikTok's use of data, questions about the security of personal data are arising, and we are here to shed light on them for you.

What is Privacy Shield?


The Privacy Shield is a mechanism that allows the transfer of personal data between the European Union and the United States with guarantees similar to those of the GDPR. In 2016, it succeeded the "Safe Harbor", which was also invalidated following the accusations of the Austrian Maximilian Schrems.

The Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in July because transfers of personal data between the European Union and the United States carry a risk of surveillance by the United States (a point highlighted following Edward Snowden's revelations in 2013).

What does this mean concretely?


The personal data of European citizens can no longer be transmitted or processed by servers located in the United States. This is a huge change for many web players, with American partners or service providers, who will have to find an alternative quickly. 

For users of Webmecanik Automation, although the Mautic open-source technology to which we contribute is American, the invalidation of the Privacy Shield has no impact on our customers because the code is community-based: it belongs to no one, or rather to everyone. Consequently, the distribution that Webmecanik makes under its Webmecanik Automation version has nothing American about it. Moreover, we have chosen, since the beginning of our history, to host our data and that of our customers on servers in France with French hosting companies*.

 

*This applies to our standard offer. We also have data hosting available in specific countries upon request (Switzerland, Australia, USA and Canada).


Data storage location, why is this important?


According to the CNIL (National Commission on Informatics and Liberty, the French administrative regulatory body that ensures data privacy law is fully enforced), each company must ensure that the service providers it chooses, and that will handle personal data, are able to meet regulatory obligations. The CNIL also requires transparency on the means implemented to guarantee the security and confidentiality of the data that companies and their service providers manage.

It is within this framework that the choice of the location of the servers makes sense. The choice of service providers with servers located in countries subject to the GDPR ensures regulatory compliance and protection of your data.

At Webmecanik, our servers are mainly located in Europe (France and Switzerland) but also in Canada, USA and Australia. Locations in overseas countries are available for customers located in these countries only. This allows us to meet regulations and ensure better technical performance for the needs of our customers located abroad. There is no risk that French or Swiss users will see their data transiting through a server located outside Europe.

GDPR is no joke


What do you risk if you don't comply with the regulation? 

Since its implementation in 2018, more than 160,000 complaints have been filed and more than 114 million euros in fines have been imposed by European regulators.

The most recent example is the online shoe sales company Spartoo, which was fined 250,000 euros. The decision was based on the lack of a data retention period and a lack of security.


 

Our commitment towards the security of your data 
GDPR ready: Webmecanik is a pioneer in GDPR compliance; we are one of the few to be 100% compliant. In addition, our training sessions help you to be GDPR friendly as well.

Data hosting: As previously mentioned, our servers are located in France, Switzerland, Canada, USA and Australia. Webmecanik is the only marketing automation vendor to give you the option to host your data in Switzerland. The location of our servers guarantees a high level of data storage security. We know you need trust, discretion, reliability and stability.

Data continuity: We perform a daily backup in case of failure of our French host OVH; these backups are duplicated in other datacenters to ensure that no data is lost.

Availability: We have a redundant high availability infrastructure, so that the failure of a machine has no impact on your service level. Our infrastructure also allows us to support large load peaks (intense activity following your communication actions) and to distribute static resources quickly. We commit to a 99.95% SLA (availability) excluding planned maintenance.

Certification: All our websites and instances are protected by SSL certification, comply with ISO certifications (27001, 27005, 9001, 27018, 22301) and the DICT methodology. 



 

Laurine Augiron, Product marketing manager: I help you get to grips with your software 🤓
