communic8 is committed to complying with all applicable laws, including the General Data Protection Regulation (GDPR). To learn more about the GDPR, check out their site for definitions and regulations.
The GDPR applies to:
- Organisations located within the EU
- Organisations located outside of the EU if they offer goods or services to (even for free), or monitor the behaviour of, EU residents
- Organisations processing and holding personal data of EU residents, regardless of the organisation's location
The key changes under the GDPR are:
- Increased Territorial Scope - Applies to all companies processing the personal data of data subjects residing in the EU, regardless of whether or not the company resides in the EU.
- Penalties - Fines can be up to 4% of annual global turnover or 20 Million EUR, whichever is greater.
- Consent - Conditions have been strengthened and the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to the consent. It must be as easy to withdraw as it is to give consent.
- Breach notification - Breach notifications will become mandatory in all member states where a data breach is likely to "result in a risk for the rights and freedoms of individuals". This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, "without undue delay" after first becoming aware of a data breach.
- Right to Access - Right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. The controller is required to provide a copy of the personal data, free of charge, in an electronic format.
- Right to be forgotten - Entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
- Data Portability - A data subject has the right to receive the personal data concerning them, which they have previously provided in a "commonly used and machine readable format" and have the right to transmit that data to another controller.
- Privacy by Design - Calls for the inclusion of data protection from the outset of system design, rather than as a later addition.
- Data Protection Officers - Only mandatory for those controllers and processors that are public authorities, or whose core activities consist of large scale systematic monitoring or large scale processing of sensitive personal data.
To comply with these regulations, communic8 will need the following abilities:
- Consent - The ability for users to withdraw consent to the use of their data is covered by our unsubscribe feature. Each user has the ability to manage their contact preferences and deactivate their account.
- Right to access - We are able to provide an electronic version of the data held. Each customer can make this request by raising a support ticket.
- Right to be forgotten - You may terminate your communic8 account at any time. Raise a support ticket and we can permanently delete your account and the data associated with it.