This article is intended to provide an overview of some duties you could be responsible for under the GDPR.
What is the General Data Protection Regulation(GDPR)?
The General Data Protection Regulation(GDPR) is intended to strengthen the protection of personal data for all individuals who reside in the EU or EEA (=Data Subject). The GDPR comes into effect on May 25, 2018 and applies to all businesses obtaining personal data from Data Subjects. Regardless of whether or not your business is located in the EU or EEA, the GDPR applies to you in principle if you obtain personal data from Data Subjects.
HENNGE One and the GDPR
HENNGE One customers could be considered "Data Controller" under the GDPR. Under the GDPR, the Data Controller is obligated to inform the Data Subject of how their personal data is collected, managed, and used. We, as a HENNGE one service provider, could be considered a "Data Processor" under the GDPR.
With regards to customers using our Secure Transfer service, the following information is collected while using the service.
- Date and Time of download/upload
- Global IP addresses where files are downloaded/uploaded
- Email addresses of the person who downloaded the files
* In cases where personal information is included in uploaded files, then that should also be listed.
Secure Transfer
We are releasing a new feature that enables administrators to activate/deactivate a pop-up window to ask for users' consent when files are downloaded/uploaded. This aims to notify Secure Transfer users including Data Subjects and ask for their consent before obtaining their personal data.
Right to be forgotten
Under GDPR article 17 "Right to erasure" (Commonly known as "right to be forgotten"), if the Data Subject makes a request, their personal data should be completely erased.
If you receive that kind of request while using the HENNGE One service, please contact HENNGE Customer Success Guide. We will also deal with the matter.
Procedures on how to display the pop-up window
To display the pop-up window to ask the user's consent, go to [Domain Information]> [Consent Screen] on the "Management" menu and enable the function. The Consent Statement is customizable.
A consent dialog for personal information will be displayed to guests on the download or upload screen.
*The statement in the above screenshots are only samples. Customers are requested to set their own consent statement.