News article posted on: 31-05-2018
New European Privacy Law (GDPR)
The General Data Protection Regulation (GDPR) is now in effect, or at least, sanctions can now be imposed. This new European privacy legislation applies to all member states of the European Union and will replace national laws such as the Personal Data Protection Act (PDPA, or Wbp, "Wet bescherming persoonsgegevens"). In the Netherlands, the GDPR is also known as the AVG, the "Algemene verordening gegevensbescherming".
In this article, we explain what you need to do and what we have done to comply with this new legislation.
Introduction
The processing by Versio for web hosts is limited to storing and securing data. Versio's customers, also known as end users or resellers, are (mostly) responsible for the processing of personal information. The only exceptions to this rule are domain registrations. Versio communicates the personal information of customers for its partners.
As a partner, you have obligations towards your customers. If you are not familiar with the material yet, it would be wise to read our previously published article.
What do I do?
As a partner or customer, you generally have to comply with the following Privacy by Design principles regarding the personal data you collect:
- Data minimization
- Short storage periods
- Facilities for retrieving, correcting and deleting
- Pseudonymization and anonymization
- Encryption
- Access security
- Consent of those involved
- Purpose limitation
We have listed some critical concerns for our customers and partners:
- Keep a record of whose personal data is processed, how this data is handled and which security measures are taken.
- Make it clear that you collect personal data. Ensure a privacy statement is present, written in comprehensible language.
  - If you need an example, you can view our privacy statement.
- Investigate whether a Data Protection Officer should be appointed to supervise compliance with the General Data Protection Regulation. For organizations where the processing of specialized personal information (like medical records) is a core activity, this is mandatory.
- Provide a manual for data breaches and make sure that employees are aware of the necessary actions in the event of incidents that could potentially be classified as a data breach.
- Ensure that technical (for example, an SSL certificate) and organizational measures are in place.
- Display a processing agreement for customers on your website.
  - If you need an example, you can view our processing agreement.
- Be prepared for customer rights (in particular the right to inspection and correction).
What has Versio done?
- We added a processing agreement to our website.
- We have updated our privacy statement with additional information.
- We have updated our general terms and conditions regarding the processing agreement and domain registrations outside of the EU.
- We have sent a newsletter to our customers with all the information discussed in this article.
In short, we are ready!
Want to Learn More?
Would you like to learn more about the General Data Protection Regulation (GDPR)? Please contact our Support department.