GDPR Information

What is GDPR?

The EU General Data Protection Regulation has been implemented to increase protection of personal data for individuals in the European Union. This new policy takes effect on May 25, 2018.

Our support

Follow to the GDPR Features to see how our platform supports GDPR.

Who does the GDPR apply to?

The GDPR applies to anyone in the EU who processes personal data as well as any organization outside of the EU that processes personal data of individuals in the EU.

If you manage personal data of any type, including email addresses, the GDPR will most likely affect your organization.

Consent is initially defined in Article 4 and is addressed throughout the GDPR.

Consent needs to be informed. Organizations are required to present information about data usage “in a concise, transparent, intelligible and easily accessible form, using clear and plain language” (Article 12). Organizations will need explicit consent from individuals and need to be able to prove that individuals have given consent (Article 7).

When an organization collects personal data, it is required to provide information in accordance with Article 13.

Individual Rights

Articles 12-23 present the individual rights covered by the GDPR. GDPR increases individual rights to their personal data.

Right of Access

Article 15, the right of access, grants individuals the ability to request information about how their data is being utilized and the right to request a copy of the data being used.

Right to rectification

Article 16 grants individuals the right to contact a controller to correct inaccurate personal data.

Right to be forgotten

Article 17 allows individuals to request that their data be erased under certain circumstances, such as: If the data no longer needs to be processed for it’s originally intended purpose If the individual no longer consents to data use. If the data was processed unlawfully

Right to Restriction of Processing

Article 18 gives individuals the right to restrict how their data is processed in specific circumstances.

Right to data portability

Article 20 grants individuals the right to receive their personal data for the purpose of using it elsewhere.

Right to Object

Article 21 grants people the right to object to the processing of their data, "unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject for the establishment, exercise or defence of legal claims."

Data Processing

The GDPR contains a variety of requirements around the processing of personal data. In this section we will outline the most important data processing requirements and provide links to the applicable sections of the GDPR

Controllers and Processors

A Controller is the organization that controls how personal data will be used. A Processor is the organization that processes personal data as instructed by the Controller. Each of these parties responsibilities are laid out in Articles 24-43.

Generally ExpressPigeon is a Processor and users of ExpressPigeon are Controllers. It is possible for one to be BOTH a Processor and a Controller.

Data processing agreements

Article 28 states that Controllers must have clearly documented contracts with Processors that define the requirements of processing. These contracts are required to be “in writing, including in electronic form.” Processing contract requirements can be found in this same article.

Data protection officers

Article 37 states that many organizations will be required to name a data protection officer. The data protection officers responsibilities are outlined in Article 39. Transfer of personal data to third countries or international organizations

Articles 44-50 address the specific requirements for transferring personal data to third parties or international organizations. The GDPR doesn’t require the personal data of EU citizens to stay in the EU, but does have requirements for these kinds of transfers.


By no means, this page is not a legal document. We encourage you to seek legal councel in case you have further questions.