Definition
"The General Data Protection Regulation (GDPR) entered into applicability in the EU on 25th of May 2018. There is thus one set of data protection rules for all companies operating in the EU/EEA, wherever they are based. Stronger rules on data protection mean: people have more control over their personal data."
Source: Datatilsynet
What key upgrades have Loyall performed to meet the new GDPR regulation;
Updated Active Consents
- Voluntary
- Specific
- Informed
- Formal requirements
- Unambiguously through active action
- Documentable
- Possible to retract as easily as giving
Database Division
Loyall database is divided into different databases, stored in a restricted area on a secure server where the database can not be linked to other databases unless active consent for this purpose is given.
Updated Privacy Policy, Terms of Use & Cookie Policy
The entire terms set is updated to safeguard the end users rights and obligations.
Increased privacy
The General Data Protection Regulation (GDPR) standardises data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaces the 1995 EU Data Protection Directive, and goes into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.
Source: Forbes
Source: Forbes
Incorporated privacy by design
All product development is updated so that Privacy by Design defines how the service is formed. The service ensures that all treatments do not reduce functionality or limit the service if the user does not actively consent to the processing of privacy information.
Database Handling
How databases are handled, secured, updated for routine purposes and user's statutory requirements are updated.
Users Transparency Portal
The User Transparency Portal is available to all end users, employees and administrators. For users, it appears by signing in "Terms_for_bruk" and "privacy_policy", as well as the footer of all communication methods.
The access portal is generated per location, and employees have the ability to manage requests from end users, where end users confirm the request via email confirmation.
The Portal primary contains;
The access portal is generated per location, and employees have the ability to manage requests from end users, where end users confirm the request via email confirmation.
The Portal primary contains;
- Delete my profile
- Update my profile
- Get insight of my data
- Unsubscribe from this list
Globally applicable
GDPR applies to all organizations holding and processing EU resident’s personal data, regardless of geographic location. Many organisations outside the EU are unaware that the EU GDPR regulation applies to them as well. If an organization offers goods or services to, or monitors the behavior of EU residents, it must meet GDPR compliance requirements.
Source: Forbes
Source: Forbes
Updated Data Processing Agreement
Before 25th of May 2018, Data Processing Agreement was recommended but not statutory. Therefore, Loyall had this available to customers who wanted it.
After the GDPR regulation came into force, Loyalls Data Processing Agreement is a separate mandatory agreement that is to be signed by all active members.
Click here to read article of Data Processing Agreement.
After the GDPR regulation came into force, Loyalls Data Processing Agreement is a separate mandatory agreement that is to be signed by all active members.
Click here to read article of Data Processing Agreement.
New Data Protection Officer
The main task for a Data Protection Officer is to advise on how the Controller can best take care of the privacy interests.
He shall also
He shall also
- Verify compliance with the privacy policy
- Provide advice on the assessment of privacy implications (DPIA)
- Collaboration with Datatilsynet and function as a contact point
- Help to get an overview of the treatments in the business
Source: Datatilsynet
Contact info Loyall DPO
Martin Kongsvik
E: martin@loyall.no / personvern@loyall.no
Y: (+47) 404 81 404 W: https://loyall.no
Contact info Loyall DPO
Martin Kongsvik
E: martin@loyall.no / personvern@loyall.no
Y: (+47) 404 81 404 W: https://loyall.no
Updated routines for DPIA
An assessment of the privacy implications must ensure the privacy of those registered in the solution is safeguarded. This is a duty of the new privacy policy. Article 35 defines when it is required to do a DPIA, what it should contain and who will implement it.
Updated safety & internal control
The internal control documents which insures that the personal information is processed legally, secured correctly, with correct access control and make sure personal information have a adequate basis for treatment is updated.
Questions?
Any questions related to Loyall privacy Is addressed: personvern@loyall.no