GDPR Compliance

GDPR Compliance


The GDPR (General Data Protection Regulation) is a new EU Regulation which replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations who collect or process personal data. It came into force on 25th May 2018.

More information on GDPR can be found here.

Does GDPR apply to me?

While the current EU legislation (the 1995 EU Data Protection Directive) governs entities within the EU, the territorial scope of the GDPR is far wider in that it will also apply to non-EU businesses who:

a) market their products to people in the EU or who
b) monitor the behavior of people in the EU.

So even if you’re based outside of the EU but you control or process the data of EU citizens, GDPR will apply to you.

PushZIP is 100% GDPR Compliant


PushZIP is fully committed to GDPR compliance. The essence of GDPR implementation directly aligns with our policies and values of protecting customer privacy and rights to one's own data. Since its inception has been GDPR compliant.

Establishing a Information Governance Structure


  • Start the GDPR compliance process with a dedicated team. - Completed
  • Create a comprehensive Privacy Management Framework. - Completed
  • Appoint a Data Protection Officer. - Completed
  • Initiate the internal Privacy and Security training. - Completed
  • Conduct Data Protection Impact Assessment (DPIA). - Completed

Implementing of our Policies and Procedures


  • Data Protection Policy - Completed
  • Update Privacy Policy - Completed 
  • Update Subscription Agreement (Terms of Use) - Completed 
  • Information Security and Governance Policy - Completed
  • Data Breach and Incident Response Plan - Completed
  • Risk management framework to assess and manage threats across the organization. - Completed
  • Data Processing Addendum (DPA) - Completed

Implementation of Data Privacy Policies (specifically in phase 2)


  • Prepare a detailed inventory of data and data-flows within our systems - Completed
  • Establish procedures and policies to restrict processing of personal data - Completed
  • Set up mechanisms to automatically track flow of all data within and outside our systems - Completed

Product Features Geared toward GDPR Compliance

Our team has built features needed to ensure we, and our customers, meet the GDPR obligations. PushZIP already provides the following capabilities geared toward protecting personal data and privacy:

  • Anonymize IP address: By default, PushZIP captures only the first three octets of the IP address to ensure that these are rendered completely anonymous.
  • Consent: Web Push Notifications already require website visitors to give explicit consent by turning on the browser-level permission.
  • Subscriber data: After accepting to receive notifications, the push notification service of the browser creates a randomly generated ID for the subscriber. This ID cannot be used to identify a particular individual.
  • Data Deletion: PushZIP automatically deletes data on expired endpoints and customers have complete control over their data. They can unsubscribe at any time from their browser and their data would be deleted from our systems.
  • Data Retention: Our users can use the account features to remove or update their data. Our data retention time of deleted data is 90 days.

Brand New Features:

  • Granular control over the subscriber data collected through our privacy settings.
  • Enable subscribers to exercise their rights with regards to their personal information stored by you on PushZIP servers preferences
    • Right to access personal information
    • Right to get (any) personal information deleted
    • Right to withdraw consent

Still Got Questions?

Feel free to reach out to us if you have any questions about the GDPR Compliance of PushZIP, via email