Introduction
If there’s one thing that’s guaranteed to make marketers nervous, it’s ‘GDPR’. The announcement of the General Data Protection Regulation (GDPR) caused a huge stir, not just in Europe but across the world. Approved by the European Parliament in April 2016, GDPR introduced a number of major changes to how organizations are allowed to store and utilize customer data, with huge penalties looming over anyone who fails to take the new regulations seriously.
Under GDPR, citizens in the European Union have much greater control over their personal data. The new laws focus on privacy and consent, giving customers every right to know when and how their data is being used, and even when it has been compromised. These days, almost every service provider uses online data in one form or another, including banks, government agencies, retailers and employees, as well as online giants like Facebook and Google. Crucially, customers even have the ‘right to be forgotten’ and can withdraw consent to use their data at any time.
According to the EU regulation 2016/679 for the data protection (GDPR), the platform has proceeded to adopt the necessary requirements in the design and software development to ensure the privacy and personal data protection for the user.
The users will have their personal data secured and protected. They will be able to define the restrictions and use allowances of the information. The rights established in the GDPR will be guaranteed.
This will apply to all fields of the new European normative:
PRINCIPLE OF RESPONSIBILITY (ACCOUNTABILITY)
Onesait Platform implements the mechanisms adopting the necessary measures for the treatment of personal data as required by the standard, complying with:
- Responsibility
- Accountability.
PRINCIPLES OF PROTECTION
From the beginning of the Onesait Platform, the design focused on full compliance with the standard, adopting the necessary measures in all processes that involve data processing, as rule and from the source. The platform provides mechanisms for authentication, authorization (by roles) and encryption (encrypted information), both in the transfer of information from systems and devices to the platform each other, and in the consumption of stored information. This guarantees the confidentiality and integrity of the information stored, complying at all times with:
- Data protection by design and by default.
- Anonymization
TRANSPARENCY PRINCIPLE
Onesait Platform is completely transparent, both in terms of architecture and data management. The platform is an open-source solution, which has available the Onesait Platform Community version on github. The solution contemplates at all times:
- Right of access.
- Right to erasure.
- Records of processing activities.
- Enables the existence of a data protection officer.
Sign up & Privacy options
To register an account in the system the users must accept the terms and conditions to use the platform.
The users are informed about the use of the data and rights according to the GDPR and how to exercise them (contact information). After that, by only using the credentials (user/password), a user can access to his or her personal account of the platform
The user can edit or delete his or her profile directly in the application (click in the user name on the upper bar) or by sending an e-mail to the contact information provided in the terms and conditions (for example, if the password has been forgotten). In the second case, the administrator will ask for some security questions to validate the credentials like e-mail, registration date, operations done, etc.
Once the user has deleted his or her account, all of the user's information is deleted as well if the user checked it as “private”. If the information (ontologies) were checked as “public”, that information will remain.
The user can define the Privacy options according to the GDPR:
Forget my data: The user can delete any information contained in the ontologies he or she owns.
Revoke consent: The user can revoke any previously given consent:
View my data: The user can consult that user's data stored in ontologies:
Forget me: The user can delete his or her profile, removing all the information: