What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect as of May 25, 2018.
It will be applicable to organizations operating in the EU or handling data of EU citizens. As an Ongair customer, you may be affected by the GDPR. This guide is intended to help you stay informed about the GDPR and ensure you are compliant.
We would like to assure you that we, as Ongair, value your data privacy and security and will be compliant with the new law with respect to your information as our valued customer.
1. Who does it apply to?
The GDPR applies to all entities and individuals that collect, process, or hold the personal data of data subjects residing in the European Union, regardless of the company's location. This means you do NOT have to be based in the EU for this law to apply to you.
2. What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching the GDPR.
3. What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
4. Where is Ongair data stored?
Ongair data is stored on cloud servers located within the EU, in the Republic of Ireland.
5. What is my role in the GDPR?
Depending on your role in managing user data, you may belong to at least one of the roles below.
5.1 Data Controller
This is defined by the GDPR as “the entity that determines the purposes, conditions and means of the processing of personal data”. Their full responsibilities are outlined here. Any Ongair customers managing EU users' data are Data Controllers.
5.2 Data Processor
This is an entity which processes data on behalf of a Data Controller. For instance, Ongair is a Data Processor. We enable you, our customer, to fulfil your role as a Controller. A Data Processor's full responsibilities are outlined in detail here.
6. How can I fulfill my Data Controller responsibilities in Ongair?
To help you comply, we've provided the following features in Ongair.
6.1 Managing consent to collect personal data
As a compliant controller, you need to ensure that users whose data you collect and manage are aware of this and provide active consent. You may take advantage of auto-responders in Ongair to ensure that users are aware of their personal data being collected the first time they engage with your service.
6.2 Data Deletion
Under GDPR, EU residents have the right to be forgotten. Ongair provides you with tools to delete all personal data of a customer.
6.3 Data Access & Portability
Should you need to export all the data about a user in Ongair, we have provided a tool within the dashboard that allows you to do so in a machine-readable format.
6.4 Data Privacy & Security
Privacy by design is a key component of the GDPR.
7. Where can I find out more about GDPR?
Here are a few resources you might find useful to learn more about the GDPR:
If you have any further questions about GDPR, feel free to reach us at firstname.lastname@example.org