What key upgrades have Loyall performed to meet the new GDPR regulation

What key upgrades have Loyall performed to meet the new GDPR regulation;

Updated Active Consents

  • Voluntary
  • Specific
  • Informed
  • Formal requirements
  • Unambiguously through active action
  • Documentable
  • Possible to retract as easily as giving

Database Division

Loyall database is divided into different databases, stored in a restricted area on a secure server where the database can not be linked to other databases unless active consent for this purpose is given.

Updated Privacy Policy, Terms of Use & Cookie Policy

The entire terms set is updated to safeguard the end users rights and obligations.

Incorporated privacy by design

All product development is updated so that Privacy by Design defines how the service is formed. The service ensures that all treatments do not reduce functionality or limit the service if the user does not actively consent to the processing of privacy information.

Database Handling

How databases are handled, secured, updated for routine purposes and user's statutory requirements are updated.

Users Transparency Portal

The User Transparency Portal is available to all end users, employees and administrators. For users, it appears by signing in "Terms_for_bruk" and "privacy_policy", as well as the footer of all communication methods.
The access portal is generated per location, and employees have the ability to manage requests from end users, where end users confirm the request via email confirmation.

The Portal primary contains;
  • Delete my profile
  • Update my profile
  • Get insight of my data
  • Unsubscribe from this list

Updated Data Processing Agreement

Before 25th of May 2018, Data Processing Agreement was recommended but not statutory. Therefore, Loyall had this available to customers who wanted it.
After the GDPR regulation came into force, Loyalls Data Processing Agreement is a separate mandatory agreement that is to be signed by all active members.
Click here to read article of Data Processing Agreement.

New Data Protection Officer

The main task for a Data Protection Officer is to advise on how the Controller can best take care of the privacy interests. 
He shall also
  • Verify compliance with the privacy policy
  • Provide advice on the assessment of privacy implications (DPIA)
  • Collaboration with Datatilsynet and function as a contact point
  • Help to get an overview of the treatments in the business
Source: Datatilsynet

Contact info Loyall DPO
Martin Kongsvik
E: martin@loyall.no / personvern@Loyall.no
Y: (+47) 404 81 404 W: https://loyall.no

Updated routines for DPIA

An assessment of the privacy implications must ensure the privacy of those registered in the solution is safeguarded. This is a duty of the new privacy policy. Article 35 defines when it is required to do a DPIA, what it should contain and who will implement it.

Updated safety & internal control

The internal control documents which insures that the personal information is processed legally, secured correctly, with correct access control and make sure personal information have a adequate basis for treatment is updated.