What is GDPR?
The General Data Protection Regulation, more commonly known as GDPR, is a regulation set forth by the European Union to protect the personal data of EU citizens and give individuals the power to control their personal data. The aim of GDPR is to reshape the way data handlers handle data privacy. Although GDPR is a European regulation, it also addresses the export and use of data by data handlers outside the EU, so if a company outside the EU has only a single client located within the EU, that company is covered by GDPR. GDPR takes effect on May 25th, 2018.
The organization behind a Siesta account is considered the Data Controller, because that organization controls the data which is provided to its Siesta account.
Napp, the company behind Siesta, is considered the Data Processor. This is because, with written consent from the Data Controller, the Data Processor can process the data of a Data Controller’s account. The Data Processor (Napp) also has obligations to keep the Data Controller’s data safe from hacking or data breach. Should a data breach occur, the Data Processor is obligated to notify stakeholders within 72 hours of the breach.
How does GDPR affect me?
It is important to understand GDPR’s definition of “Personal Data”. GDPR covers any details that can be used to determine your identity. The following are considered “Personal Data” under the GDPR: name, location, photos, email, phone number, physical address, IP address, social media posts, medical information and bank details.
In short, if you are happy with how your data is currently handled, GDPR should not affect you or your data in any noticeable way. What GDPR does is to make it mandatory for companies that handle your data to provide you with the option to control your own “Personal Data”. This is to ensure that, whatever you sign up for, you fully understand what your data will be used for and that you have given the organization who asked for your data unambiguous consent to use it.
You also have the right to object if you think your data is incorrect or you don’t want your data to be used for direct marketing purposes. Among the many new rights you gain through GDPR is the right to be forgotten. This means that GDPR compliant organizations are required to delete all personal data when a client quits their service or when a client asks them to do so.
At Napp we constantly work on improving both the security and the handling of personal data for our clients. We only use world class partners and always strive to use the highest standards to ensure our clients’ data is safe with us. For more info please read our Terms here.
Learn more about your rights as a data subject under the GDPR. See the following articles: https://www.whitecase.com/publications/article/chapter-9-rights-data-subjects-unlocking-eu-general-data-protection-regulation or here https://gdpr-info.eu/chapter-3/
How will GDPR affect Napp and Siesta?
Becoming compliant with GDPR means we will be making some changes to how we handle your data, by being even more transparent and giving you more power to control the usage of your data. Here are a few examples:
- All our clients are required to accept a Data Processor Agreement. This will be shown as a pop-up when logging in to Siesta.
- Any signup forms which require input of “Personal Data”, such as “Schedule a demo”, will be accompanied by a checkbox with an explanation of why we ask for the data and what we will use it for. To submit any data, the checkbox must be checked, signaling that you have given consent for us to use your data.
- If you so choose, there is a process in place for us to quickly provide you with all relevant data from within the Siesta platform.
- If you so choose, you can ask us to delete your own user data from Siesta. However, this will negatively affect the performance and results of the solution.
- Napp will either appoint an internal Data Protection Officer (DPO) or hire an external one. The DPO will be in charge of enforcing all the GDPR rules set forth by the EU.
- We will continue to keep your data, and that of the rest of our clients, safe and secure as mandated by the GDPR.
Do you want to read more about the obligations of a GDPR compliant company? Access the whole GDPR regulation in a user-friendly format here: https://gdpr-info.eu/chapter-1/