What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation that will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to strengthen the security and protection of personal data in the EU and affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents.
To Whom Does GDPR Apply?
The GDPR applies primarily to organizations located within the EU but also to organizations located outside of the EU that offer goods or services to, or monitor the behavior of, EU data subjects. The GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
What Is LocationsHub’s Approach To GDPR Compliance?
We support the GDPR and will ensure our services comply with the GDPR. In the context of our services, our customers are data controllers and thus are responsible for obtaining necessary consents from data subjects and informing data subjects of processing activities they conduct in the context of working with them. Similarly, data controllers are responsible for ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements, or other obligations relating to the collection of personal data in connection with the use of our services by data subjects with whom Reel-Scout customers interact.
What Is LocationsHub’s Role Under The GDPR?
We act as both a data processor and a data controller under the GDPR. We act as a data processor when we process personal data on behalf of our customers in the provision of our services. We act as a data controller when we collect information from our customers for account management purposes or to send communications to our customers regarding our products and services. This information includes data such as a customer’s name and email address.
What has LocationsHub Done to Ensure Compliance with the GDPR?
Contrary to a common trend with technology companies, LocationsHub collects as little information as possible from our customers. We collect only information that is absolutely necessary to provide our service. This has enabled us to comply with the GDPR without the need to make wholesale changes to our existing processes. That said, we have undertaken the following:
Data Mapping: We have reviewed where and how our relevant services process personal data and maintains internal records of all its data processing activities.
Gap Analysis: We have conducted an analysis of our operations to ensure we comply with the new requirements of the GDPR. We have reviewed our products and services, customer terms, privacy notices, and arrangements with third parties.
Contractual Commitments: We have reviewed and updated our contractual commitments to address GDPR requirements.
Data Breach Notification: Internal processes have been reviewed to ensure that we will notify our customers without undue delay after having become aware of a data breach.
Implement Processes to Accommodate the Rights of Data Subjects: Reel-Scout support is happy to help answer any requests it may receive from customers regarding requests from data subjects about their rights under the GDPR.
Enhanced Security: LocationsHub utilizes some of the most advanced technology for Internet security available today. All information while on the move between the browser and Reel-Scout is protected from eavesdroppers with 256-bit Secure Socket Layer (SSL) encryption. The lock icon in the web browser lets users verify that it isn't a phishing site impersonating LocationsHub and that data is secure in transit. Data is inaccessible to anyone else. The LocationsHub site is hosted in a highly-secure server environment that uses firewalls and other advanced technology to prevent interference or access from outside intruders. Highlights of our data center include:
• SOC2 Type II audit and certification
• 24x7 network traffic monitoring to detect any irregularities
• Security clearances and background checks for all network engineers, database administrators & staff
• Bio scan and magnetic cards required on each datacenter floor
Over the years, we have demonstrated our commitment to the data privacy and protection of our customers. The success of our company is built on the trust that our customers have in our ability to protect and secure their data and the data of their customers. Our data center – where we provide our customers compliance with high security standards, such as encryption of data in motion over public networks, auditing standards (SOC 2 and PCI-DSS), Distributed Denial of Service (“DDoS”) mitigations – is evidence of that. In short, we have always helped our customers maintain control of their privacy and data security in a multitude of ways, and we will continue to do that in compliance with GDPR.