The GDPR is a new European privacy law due to become enforceable on May 25, 2018. The GDPR is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state. The GDPR applies to all organizations that have an establishment in the EU or that offer goods or services to individuals in the EU when processing “personal data” of EU residents.
Personal data is any information relating to an identified or identifiable natural person. The GDPR will replace the existing European Data Protection Directive (Directive 95/46/EC). Beginning on May 25, 2018, the existing Data Protection Directive, and the laws relating to it, will no longer apply.
Additional GDPR Related Resources:
- Data Processing Addendum
- Data Subject Access Request
- Data Subject Complaints
- How we Protect your Data
Below is an outline of the the core directives of the GDPR and how Logiforms helps our customers meet those directives:
|Data Security||Provide appropriate technical and organizational measures to ensure a level security appropriate to the risk of data hosting.|
We’ve implemented organizational and technical safeguards to secure all data hosted at Logiforms, in compliance with GDPR, PCI, HIPPA, and requirements. Security is our top priority and has been for the last 17 years. See How we Protect your Data for details.
|Right to be forgotten||Provide data subjects with the right to delete their personal data if the continued processing is not justified.For example, you may need to delete your customer’s personal data to comply with your GDPR obligations.|
Logiforms provides customers with access to tools to delete personal data through the following:
Logiforms Data Retention policy ensures historical data, archival data and customer data from expired account is destroyed in compliance with GDPR requirements.
|Objection to Processing||Provide data subjects with the right to object to data processing for direct marketing and profiling|
Logiforms has put in place internal policies to handle the following requests:
|Data Portability||Provide data subjects with the right to transfer their personal data between data controllers.|
Logiforms data was designed for for portability. All data hosted on the Logiforms platform can be exported to industry standard output formats such as Microsoft Excel and CSV.
|Access and Rectification||Allow data subjects to require a data controller to rectify any errors in their personal data.|
As a processor of personal data for many of our customers, we stand ready to assist our customers and respond to individual rights requests that they receive under the GDPR. Logiforms provides easy access to account holder data from within the account management interface. In most cases, access requests can be addressed using Logiforms self-serve tools and interface. For additional assistance, or when this is not possible,please contact us to request assistance with any such individual rights requests.
|Transparency and Accountability||Ensure transparent communication with data subjects regarding the processing of their personal data.|
Ensure data subjects are notified of their rights under the GDPR.
|Restriction Processing||Provide data subjects the right to limit the purposes for which the data controller can process personal data.|
Access controls and permissions can be used to filter out data that should be exempt from processing.
Logiforms customers can also export data out of the Logiforms system so that it is no longer being processed. If at a later data, the restriction to processing is removed, data can be re-imported through the UI.