GDPR compliance

The GDPR – General Data Protection Regulation – introduces a new framework for data protection that applies to all organizations based in Europe, and under certain conditions, to those outside the European territory as well.

When Does GDPR Come into Effect?

GDPR brings forth a comprehensive set of requirements concerning data security, transparency, privacy, and confidentiality. This regulation became enforceable as of May 25th, 2018.

Non-Compliance Penalties

Failure to comply with GDPR rules can result in substantial fines, potentially reaching as high as 20 million euros or 4% of the total worldwide annual turnover, whichever figure is greater.

Understanding ‘Who’ Handles the Data

It is crucial to grasp that GDPR revolves around identifying ‘who’ is involved in data-related activities. While companies like Bham Face Masks or other software providers can provide the tools and knowledge to trace the origin of data, we cannot prevent an ill-intentioned employee within your organization from uploading a complete list of contacts without proper permissions. In such instances, Bham Face Masks can identify the individual responsible for these actions, allowing your organization to enforce internal compliance measures.

Distinguishing Between Data Controllers and Data Processors

Data Controllers:

  • Your company holds this role.
  • Primary responsibility lies in ensuring data security, transparency, privacy, and confidentiality.
  • Collects information through forms and similar means.

Data Processors:

  • The software you employ to store and manage customer and prospect data serves as the Data Processor.
  • Secondary responsibility involves ensuring that company data is securely stored and processed.
  • Responsible for data security and privacy during data processing.

How Bham Face Masks Assists with GDPR Compliance

  1. Right to Data Portability: Customers have the right to receive their personal data in a structured, machine-readable format to transfer to another data controller. Bham Face Masks offers a public page where users can view and request their event-related information at any time.
  2. Right to Erasure: The right to be forgotten is a GDPR provision. Users can request erasure at any time, and Bham Face Masks provides a public page where users can input their email address, receive confirmation, and confirm their desire to be forgotten. Note that data is logged for administrative and forensic purposes.
  3. Consent Requirements: GDPR mandates that consent must be given through a clear, affirmative act, demonstrating a freely given, specific, informed, and unambiguous agreement to data processing. Bham Face Masks assists with this by providing:
    • Clear opt-in forms for marketing communication with leads.
    • A fixed terms of use field for new app downloads.
    • Visibility of lead source in your main event panel.
    • An email communication platform with a mandatory unsubscribe button.
  4. Data Protection by Design and by Default: Bham Face Masks adheres to various protocols, including SOC 2, ensuring data protection through product design. Our documents, such as the Business Continuity Plan and Disaster Recovery Plan, guarantee data protection by design.
  5. Breach Notification Requirements: GDPR mandates the prompt reporting of data breaches to the competent supervisory authority. Bham Face Masks monitors API usage for each customer and offers triggers that can be activated for your IT security team.
  6. Data Retention Standard Policy: Personal data is stored for the duration of an active contract, after which it is automatically erased by the data processor.