What is GDPR?
The General Data Protection Regulation (GDPR) is a set of rules for better protection of the data of European citizens. The legislation takes effect on 25th May 2018.
- Data Processing Officer = the owner of the data, who collects it and determines the goals and means. As a Loft 33 customer, you collect names, addresses, telephone numbers, e-mail addresses, photos, payment details, etc., as well as IP addresses and cookies (to uniquely identify the device or, in combination with other data, to identify the individual who is linked to the device, regardless of any pseudonymisation of the cookies) of your users.
- Data Processor = the entity where the data is being stored or processed, according to the instructions of the Processing Officer. As a Loft 33 customer you ask us to make a backup of the data of your users, and in this case Loft 33 is the Processor. Even when the Processor entrusts the processing to a third party (the sub-processor), the Processor remains responsible for correct compliance with the GDPR legislation.
- Data subjects = the persons whose personal information is being processed.
What does GDPR mean for your company?
- Transparency: Companies must inform citizens in an understandable way about how the data is collected and processed.
- Data transfer: Citizens will be able to transfer their data from one service provider to another, for example to switch telecom operators.
- The right to be forgotten: Companies must be able to erase personal data at the customer's request when there is no valid counterargument, even if the information was shared with third parties, and all this within 30 days.
- Duty to report on data leaks: If there is a data breach where there are risks for natural persons, companies are obliged to report this to the data subjects and the authorities within 72 hours. For reporting to the authorities as a company, you can contact https://www.privacycommission.be/nl/melding-van-gegevenslekken.
The task of Loft 33 as a GDPR Data Processor
Loft 33 is the Processor of the data that you have collected as Processing Officer. That is why it is part of our task to:
- Keep logs of the processing of your data, such as making back-ups.
- Report to you (the Data Processing Officer) any breach of your datasets that are on a platform managed by us, and assist you in preparing the notification to the Data Subjects.
- Check whether Sub-Processors, the third parties we hire for data processing, work in accordance with GDPR.
Let us change your website
Every form that collects information from a user on your website must include:
- A clear opt-in: The approval of the user to use and store data and the indication of what these data will be used for. The date of this opt-in is automatically registered in the CMS system.
- Unsubscribe: You must explain clearly and simply how people can opt out again. Do this via a button or checkbox "unsubscribe from this newsletter", with a confirmation that the user is unsubscribed.
- Minors: If your company collects data in Belgium from minors under the age of 13, you must have the approval of a parent or guardian.
Every website is tailor-made. An audit per website results in an action list to comply with the GDPR legislation.