As of 25th May 2018 the General Data Protection Regulation comes into force. At Loginet we have always been committed to data privacy and security and we have taken all necessary steps to ensure GDPR compliance.
What is GDPR?
GDPR is the European Union regulation that replaces the Data Protection Directive and is aimed at strengthening and unifying data protection for all individuals within the European Union. The regulation will bring a huge change to European data security, but it will impact many non-EU-based businesses as well.
Who needs to comply?
Any company selling to citizens in Europe, or storing their personal data or behavioural information (such as name, email address, location, photo, bank details, updates on social networking websites, medical information or a computer IP address), will have to comply.
Moreover, any company with a web presence in the EU or targeting European customers (for example, having a website available in any language of the EU, a domain with an EU country code, or accepting payment in an EU currency) will need to meet GDPR requirements as well.
What does GDPR change?
GDPR gives individuals control over how their personal information is collected, stored and used. Under GDPR, individuals have the following rights:
- The right to be informed
Individuals will have the right to be given information about how their data is being processed and why. Individuals will also need to give consent to data processing.
- The right to access
Individuals have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. In Loginet, each registered client has access to an overview of the personal information stored about them. Under My Account → Overview, clients can view their details along with the purpose for which each item of data is collected (billing or non-billing; this defines whether or not the data is needed for invoicing, in which case it may be required to keep that data for a given period of time).
- The right to be forgotten
GDPR gives individuals the right to have their personal data erased. With Loginet, our clients can request to have their account deleted and their data forgotten with just one mouse click. We’ve made sure that the client will be able to start the account removal process only if there are no unpaid invoices linked to their account and there are no active services that can’t be cancelled. Requesting deletion assigns the account the ‘pending removal’ status, and the account is deleted after a certain period of time.
- The right to object
Individuals have the right to object at any time to the processing of personal data concerning them. With Loginet, our clients can review all of the terms and services they have given their consent to and withdraw that consent at any time.
- The right to data portability
Under GDPR, individuals have the right to receive a copy of their personal data, free of charge, in an electronic format. Loginet lets clients download all personal information gathered in their client profile as a JSON file with a single mouse click from the My Account → Overview section.
- Breach notification
Data processors will be required to notify their customers about a data breach within 72 hours of first having become aware of the breach.
How will it be enforced?
The GDPR imposes high fines on data controllers and processors for non-compliance.
The fines can go up to 20 million Euros or 4 percent of annual global turnover, whichever is higher. However, the exact fines depend on numerous factors, such as how severe the non-compliance and potential personal data breaches are and the measures that have been taken to be GDPR compliant.
For additional information on the GDPR, please visit the official GDPR website.