The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a new regulation to strengthen the protection of EU citizens’ data. The regulation places a significant emphasis on documentation and the consequences of failing to properly manage personal data. We welcome GDPR as an important step to streamline data protection requirements across the EUOne of the key principles of GDPR is to provide more transparency when it comes to what information we ask for and how that information is used. Therefore, we conducted a review of our systems and policies with our legal advisers and external auditors in order to ensure that we comply with the new regulation in all respects. 

How eSmiley complies with GDPR

The only personal data eSmiley process is that which our customers provide us with. We process all data of this kind in a responsible manner, showing due respect for personal privacy and in accordance with legislation. In order to clarify how we comply with GDPR we have:

  • Updated our General Terms and Conditions such that they now include a data processor agreement (see section III). This agreement is intended to ensure that both the data processor (eSmiley) and the customer (data controller) comply with GDPR. Please note that our Terms and Conditions are a standard agreement which you as a customer accept by continuing to use eSmiley’s systems.
  • Updated our Cookie Policy to provide customers with complete transparency into what is being set when you visit our site and how it is being used.
  • Added a reference to our Personal Data Policy to our Terms and Conditions. Our Personal Data Policy describes what we do with the data we collect and how we manage consent. 
  • Taken steps to ensure that our third part vendors comply with GDPR. 

In addition we have had an external legal counsel creating awareness training program and validating that everyone at eSmiley understands and is kept up to date on the current regulation.   

Please note:

 To guarantee no terms are imposed on us beyond what is reflected in our data processor agreement  and Terms and Conditions, we cannot agree to sign customers’ data processor agreement . As a small team we are unable to make individual changes to our DPA as we do not have a legal team on staff. Any changes to the standard data processor agreement  would require legal counsel and a lot of back and forth discussion that would be cost-prohibitive for our team.

Please note:
By signing in and continuing your use of eSmileys services after May 25th, you agree to our updated Terms and Conditions.

How you comply with GDPR

We are committed to ensuring that our users can continue to use our services while complying with GDPR. eSmiley stores data concerning you and the users you register in the eSmiley system. As a customer you have full access to all of your personal data via our systems. You have the possibility of exporting data to Microsoft Excel and have full access to create and remove users in the system. In order to comply with GDPR it is essential that you remember to deactivate user accounts if the user no longer works at your company.


You can read eSmiley’s policies, terms and conditions here:

Terms and Conditions
Personal Data Policy
Cookie Policy
IT Security Policy

What is GDPR?

GDPR is fundamentally a modernisation of earlier legislation concerning handling of personal data, which is no longer able to keep step with technological advancements. As such, many of the items in the new personal data regulation remain more or less unchanged, albeit placing a greater focus on compliance and the associated risk of penalties, while other items cover new measures.

The increased risk of penalties and fines places a requirement on companies to establish a comprehensive overview and monitoring of their data processing flow. The primary focus surrounding the new personal data regulation concerns the right of those registered to be forgotten. This right is in fact not at all new, but the increased focus on it in the new personal data regulation means that companies need to be in complete control of the processing and storage of data in order to comply with the requirement.

What is personal data?

According to GDPR personal data is defined as any form of information relating to a person, such as name, photograph, an email address, bank details, posts on social media, information concerning location, health or IP address.

The personal data regulation can be read in its entirety here.

Ved at benytte denne hjemmeside,, accepterer du, at vi bruger cookies. Læs mere