EU General Data Protection Regulation (GDPR) and Notific.io
GDPR overview
The European Union’s General Data Protection Regulation (GDPR) was approved on 14th of April 2016 after a long round of preparation and debate. Now, two years after approval, it is really here, as the enforcement date, 25th of May 2018, is quickly approaching.
The regulation brings a lot of much needed clarification into how we are expected to handle private and personal data. There are a few requirements that every registry holder needs to be aware of:
- Only collect personal data that is absolutely necessary to accomplish your task
- Remove the data when it is not needed anymore
- Anonymise and / or pseudonymise user data as far as possible
- Protect the data properly via strong encryption and access control
- Track all the modifications made to the data
- Update your user agreements accordingly and make it a requirement for your users to actively accept them, for example by clicking a checkbox
- Appoint a privacy officer who is your single contact point for all data privacy related matters
- If requested by the user, make sure that you can provide all the recorded data to the user
- If requested by the user, make sure that you can remove all the recorded data of the user
How has GDPR impacted Notific implementation
Data privacy has always been a key point in all of our development. You could say encryption and secure access control are a part of our DNA – we always demand the highest level of quality when it comes to these crucially important features.
Although we have always been strict about data security, GDPR has brought some changes to our design and implementation practices.
From a direct Notific.io user perspective (i.e. notification sender), we have made sure that you have all the needed tools at your disposal to apply the required GDPR practices properly. You have full control over your notification recipients. In other words, you can create, edit and permanently remove their data.
Notific partners and their compliancy
We only use highly regarded partners and all of them have implemented their GDPR policies and changes meticulously.
Important points that we have checked when it comes to our partners:
- Are all our security certificates absolutely reliable and coming from GDPR compliant sources?
- Can we fully control the data our partners collect about us and our customers?
- Are the partner’s encryption technologies and user access policies on par with our high requirements and those of the regulation?
- And last but not least, are our partners themselves fully GDPR compliant?
Notific GDPR compliancy
We have been hard at work ensuring that our service is fully GDPR compliant. As a result of this hard work we can proudly say that yes, it is.