You may have heard quite a lot about GDPR recently and how it is affecting your rights surrounding your data. With that in mind, we've put together a guide on what GDPR is along with what we're doing in order to be compliant with the new regulations.
What is GDPR compliance?
GDPR is a European Union regulation which will come into force on the 25th of May this year. It will bring large and sweeping change because it deals with the data protection of millions of individuals. The aim of GDPR is to both strengthen and unify data protection and to bring the laws up to date with an increasingly digital world. Once the regulation comes to pass, it will significantly expand the individual's rights to control exactly how their own personal data is not only collected, but also processed. The change means businesses big and small will have a whole new set of obligations in order to be much more accountable for the protection of data.
GDPR compliance must be followed
For all businesses that handle data, GDPR is not a matter of choice, neither is it a case of ticking boxes. As part of the regulations, businesses will have to demonstrate they are fully compliant with GDPR. In order to do this, they will have to ensure they have policies and procedures in place to deal with transparency and accountability. They will also be expected to build data privacy into the culture of their workplace as well as data security.
Most organisations will already have almost everything in place to ensure they are fully GDPR compliant by the 25th of May. Those who aren't can expect to face penalties that have been set out to be 'effective, proportionate and dissuasive'. Penalties will be handed out on a case-by-case basis and are two-tiered. The first tier is a fine of either €10 million or 2% of the company's annual global turnover. The second tier is either €20 million or 4% of the annual global turnover. In both cases, the highest of the two will be charged.
What we're doing
At drServer.net, we welcome the GDPR regulations and have a number of measures in place to ensure we are fully compliant, such as recognising and enacting the following rights:
The right to be informed
One of the key rights of GDPR is the right to be informed. That means all individuals will have the right to receive information about how companies are processing their data. On top of that, they will also have the right to ask why the company is processing their data in a certain way. We have multiple policy links in our client area which individuals will have to agree to in order for us to continue to process their data.
The right to access
Another right is that individuals will be able to access confirmation on whether or not any personal data which concerns them is being processed. They also have the right to access information on where that data is being processed, and why the business is processing it. In the client area every individual will have full access to the personal information being stored by DrServer.net. By simply heading to My Account, then overview, individuals will be able to see their data and why that data is being collected (billing or non billing). Should an individual wish to access a report of their data, they will have the option to generate a PDF.
The right to be forgotten
In order to be fully compliant, we will also be enforcing the right to be forgotten, which in simple terms means that individuals will have the right to have all of their personal data held by the company erased. We will be allowing individuals to do this quickly and simply if there aren't any unpaid invoices associated to the account and if there are no 'active services' which we would be unable to cancel.
Once an individual makes a request to delete their account, the account will be assigned with a 'pending removal' status before it's deleted as soon as possible. If for legal or tax reasons an individual decides they would like their data to be forgotten but need to keep it for a certain period of time, they will be able to delete as much information as they wish, without having to remove data which is required for contracts and billing.
The right to object
As part of GDPR, businesses including ours will be giving individuals the right to object. An individual can exercise this right at any time should they have any concerns over the processing of personal data which affects them. The terms and services are being updated so that individuals will have the right to give and withdraw consent at any time they see fit. Any changes made to client profiles are logged, making it easy to see when a client has given consent as well as determine exactly when a client has withdrawn their consent.
The right to data portability
In accordance with GDPR we will be giving individuals rights to receive, completely free of charge, a full copy of their personal data. This data will be given in electronic format and will be easily downloadable from the client area of the site.
Why GDPR is important
GDPR is important because it puts the individual in control of how and if their data is processed. Not only does it make their data more secure, but it demands greater levels of accountability for all types of businesses operating within the EU. At drServer.net, we have always taken data security extremely seriously. It's because of this, and our ongoing commitment to making sure our clients can trust us with their data that we welcome the changes to the regulations.
If you have any questions concerning GDPR and how it could affect your account, or you would like to find out about any of our servers, please don't hesitate to contact our support team by using our Live Chat function or just drop us a ticket.