What is GDPR?

Definition

The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.
Source: Wikipedia
Increased privacy
The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaces the 1995 EU Data Protection Directive, and goes into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.
Source: Forbes

Globally applicable

GDPR applies to all organizations holding and processing EU resident’s personal data, regardless of geographic location. Many organisations outside the EU are unaware that the EU GDPR regulation applies to them as well. If an organization offers goods or services to, or monitors the behavior of EU residents, it must meet GDPR compliance requirements.
Source: Forbes

What key upgrades have Loyall performed to meet the new GDPR regulation;

Updated Active Consents

  • Voluntary
  • Specific
  • Informed
  • Formal requirements
  • Unambiguously through active action
  • Documentable
  • Possible to retract as easily as giving

Database Division

Loyall database is divided into different databases, stored in a restricted area on a secure server where the database can not be linked to other databases unless active consent for this purpose is given.

Updated Privacy Policy, Terms of Use & Cookie Policy

The entire terms set is updated to safeguard the end users rights and obligations.

Incorporated privacy by design

All product development is updated so that Privacy by Design defines how the service is formed. The service ensures that all treatments do not reduce functionality or limit the service if the user does not actively consent to the processing of privacy information.

Database Handling

How databases are handled, secured, updated for routine purposes and user's statutory requirements are updated.

Users Transparency Portal

The User Transparency Portal is available to all end users, employees and administrators. For users, it appears by signing in "Terms_for_bruk" and "privacy_policy", as well as the footer of all communication methods.
The access portal is generated per location, and employees have the ability to manage requests from end users, where end users confirm the request via email confirmation.

The Portal primary contains;
  • Delete my profile
  • Update my profile
  • Get insight of my data
  • Unsubscribe from this list

Updated Data Processing Agreement

Before 25th of May 2018, Data Processing Agreement was recommended but not statutory. Therefore, Loyall had this available to customers who wanted it.
After the GDPR regulation came into force, Loyalls Data Processing Agreement is a separate mandatory agreement that is to be signed by all active members.
Click here to read article of Data Processing Agreement.

New Data Protection Officer

The main task for a Data Protection Officer is to advise on how the Controller can best take care of the privacy interests. 
He shall also
  • Verify compliance with the privacy policy
  • Provide advice on the assessment of privacy implications (DPIA)
  • Collaboration with Datatilsynet and function as a contact point
  • Help to get an overview of the treatments in the business
Source: Datatilsynet

Contact info Loyall DPO
Martin Kongsvik
E: martin@loyall.no / personvern@loyall.no
Y: (+47) 404 81 404 W: https://loyall.no

Updated routines for DPIA

An assessment of the privacy implications must ensure the privacy of those registered in the solution is safeguarded. This is a duty of the new privacy policy. Article 35 defines when it is required to do a DPIA, what it should contain and who will implement it.

Updated safety & internal control

The internal control documents which insures that the personal information is processed legally, secured correctly, with correct access control and make sure personal information have a adequate basis for treatment is updated. 
 

Questions?

Any questions related to Loyall privacy Is addressed: personvern@loyall.no