GDPR Is Here. Are You Ready?
Next week, EU's new data protection regulation will come into effect. We've already taken steps and implemented features over the last months to ensure you can be compliant. Are you ready for the GDPR?
The General Data Protection Regulation, or GDPR as it is generally known, will come into effect the 25th of May 2018. This EU regulation governs the way organizations handle personal data from citizens in the EU/EEA. In a nutshell, the regulation comes down to the following:
organizations must create, implement and enforce policies that clearly demonstrate that personal data is not being retained longer than necessary, in relation to the purpose for which such data is processed.
users must be clearly informed about and must consent to their data being stored and processed.
users have the right to request their data in a format that is portable to other systems.
users have the right to request their data be removed from your systems.
organizations must respond quickly and inform the supervisory authority within 72 hours after an eventual data breach that involves personal data.
Notificare has already implemented features over the last couple of months (see for example this blog post). From next week on, we will start putting some warnings and restrictions in place that are related to the GDPR:
Data Retention Rates
To enable you to be compliant with data retention policies within your organization, the Notificare Dashboard allows you to configure retention settings for each type of data that is stored for an application in the Notificare platform. If you did not configure those settings yet, the Dashboard will start showing you a warning, allowing you to accept the current settings as they are or change them according to your needs. Needless to say, you can already go there now and check if the settings there match your policies. The Data Retention settings can be found in the Settings menu of your apps.
Starting 25 May 2018, we will automatically enforce the use of Two Factor Authentication for all Notificare accounts. We currently support the Google Authenticator app for 2FA, so it will be necessary for you to download and install this app in order to access our dashboard. There is no need for you to wait for next week to configure your Two Factor Authentication, you can enable it in the Your Account menu in the 2FA tab.
Data Processing Agreement
If you already have a Data Processing Agreement signed with us, no action is required. Your agreement will appear in the Dashboard for you to download if needed. If you don't, the Dashboard will allow you to request a standard Notificare-signed DPA, which, under the new GDPR, will provide you with sufficient guarantees that we have the appropriate technical and organisational measures required to ensure the protection of the rights of user's data. After you sign this DPA and send it back to us, it will be available for download in the Dashboard.
Terms & Conditions
We will also be updating our Terms & Conditions, which will require acknowledgement and agreement before you can continue using our platform. The Dashboard will present you with new Terms & Conditions the next time you log in.
We understand that, after reading this, you might have some questions. As always, feel free to contact our support team by email.