GDPR - Protecting your data
On May 25th 2018, the GDPR (General Data Protection Regulation) will be made effective — This will touch pretty much every company that has any presence on the internet. Any organization not in compliance with the new regulation will face the risk on heavy fines. But never fear! We at Convious have been working hard to understand, assess and fully comply with GDPR requirements prior to its enforcement date.
1. What is GDPR?
The General Data Protection Act (GDPR) is considered to be the most significant piece of European data protection legislation to be introduced in the European Union (EU) in 20 years and will replace the the 1995 Data Protection Directive. The GDPR regulates the processing of personal data about individuals in the European Union including its collection, storage, transfer or use. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”). It gives data subjects more rights and control over their data by regulating how companies should handle and store the personal data they collect. The GDPR also raises the stakes for compliance by increasing enforcement and imposing greater fines should the provisions of the GDPR be breached. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on organizations handling data.
2. Key changes to come into effect with GDPR
Expanded rights for individuals: The GDPR provides expanded rights for individuals in the European Union by granting them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities and enter into written agreements with vendors.
Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
Increased Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU.
If you have any questions, please don't hesitate to contact us at firstname.lastname@example.org.
3. Protecting your data
Data is the core
Our technology is transforming the experience economy and attractions throughout Europe, but the backbone of our success is ensuring a safe and trustworthy place for data. We were born with data as our core, so we understand the fundamental role it plays for our partners and their end-users. We have developed our technology under the same core value, therefore we are focused on securing data and keeping it protected.
How do we do it?
Our technology has been created under industry-standard security measures that we constantly monitor and update. Our team of data experts thrive in protecting our systems while making sure every segment of data we collect remains secure. Also, all of our communications are encrypted between servers.
We invest heavily in monitoring, alerting, and response technologies to continuously address potential issues. Convious’ infrastructure is designed to alert our team when anomalies occur.
Access to the information stored within Convious's servers is tiered and limited to Convious employees by job function that’s necessary to carry out their job responsibilities and to users designated on our partner’s accounts and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality. All accesses to the information stored within Convious is logged, reported, and reviewed by our security team;
Our Amazon Web Servers are protected by:
Firewalls establishing a barrier between our trusted, secure internal network and the Internet
IP restrictions, limiting access to whitelisted IPs
Encrypted communication between services;
We use HTTPS for Convious's Services providing secure transfer of data to prevent wiretapping and man-in-the-middle attacks;
It’s your data
We acknowledge that all data we collect belongs to our partners. Using our interface, our partners can see, update, and delete their data as they see fit. Convious never shares or sells data with other partners or third parties. As a data-driven company, our relationships with our partners are based on trust, and part of that trust is due to safety and high-standard protocols.
Convious follows the EU data protection regulations.