Ensuring the security of the data that passes through our email, calendar, and contacts API has always been a foundational principle at Nylas. Our email API handles data that by nature contains highly sensitive, personally identifiable information (PII), and the handling, processing, and management of this data needs to be regulated closely. To date, the Data Protection Act has played a big role in protecting personal data throughout the EU, but there’s about to be a new sheriff in town: the General Data Protection Regulation (GDPR).
In this article, we’ll review GDPR and how Nylas works to uphold all of our data to the highest security standards, including GDPR compliance.
On May 25, 2018, the EU’s sweeping new GDPR goes into effect and it impacts more than just companies based in the EU. GDPR applies to non-EU based companies like Nylas that provide services to EU customers or where personal data is obtained in the EU and transferred outside of the EU.
The GDPR definition of personal data is one that is ever-expanding and is deliberately very inclusive. Personal Data includes a person’s name, location data, and more.
The GDPR carves out higher protections for “Sensitive Personal Data” which includes information regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health.
There are two main parties that are responsible for GDPR compliance:
Data deletion
As a data processor, Nylas complies with GDPR's "right to be forgotten", which means that users have the right to delete all of their data stored with Nylas (e.g. email, calendar, and contact data). The data deletion happens as soon as possible, and no later than 30 days after the request is sent.
Data portability
Users can download a copy of the data (email, calendar, and contacts info) that has been processed through Nylas in a machine-readable format.
Data breaches
In the unlikely event of a breach, Nylas will notify our customers as quickly as possible – no later than 72 hours after a breach takes place.
As our product evolves, we always keep data privacy top of mind. Where possible, we use pseudonyms to protect personal data and we take other measures to minimize the amount of data we process while we aim to achieve compliance with data processing rules.
In the US, there is no single comprehensive federal law that rivals the GDPR and protects personal data. Instead there are a number of federal laws that cover particular pieces of information, such as:
In addition to the federal laws, all 50 states have enacted laws which require notification of security breaches involving personal data and others have enacted more stringent cybersecurity regulations. Nylas closely monitors this changing regulatory landscape and ensures that it complies with all applicable laws.
At the end of the day, GDPR is all about putting people’s privacy first. At Nylas, we’re all about helping the world communicate with context and insight — and we’re excited to continue to provide the best, most secure API for our customers and their end-users while giving privacy the prominence it deserves.