This article is intended to provide an overview of some duties you could be responsible for under the GDPR.
What is the General Data Protection Regulation(GDPR)?
The General Data Protection Regulation(GDPR) is intended to strengthen the protection of personal data for all individuals who reside in the EU or EEA. (Data Subject) The GDPR comes into effect on May 25, 2018 and it applies to all businesses obtaining personal data from the Data Subject. Regardless of whether or not your business is located in the EU or EEA, the GDPR applies to you in principle if you obtain personal data from the Data Subject.
HENNGE One and the GDPR
HENNGE One customers could be "Data Controller" under the GDPR. Under the GDPR, the Data Controller shall be obligated to inform the Data Subject of how their personal data is collected, managed and used as a matter of principle. We, as a HENNGE one service provider, could be "Data Processor" under the GDPR.
With regards to customers using our Secure Transfer, the following information is collected while using the service.
- Date and Time of download/upload
- Global IP addresses where files are downloaded/uploaded
- Email addresses of the person who downloaded the files
* In cases where personal information is included in uploaded files, then that should also be listed.
We are releasing a new feature that enables administrators to activate/deactivate a pop-up window to ask user's consent when files are downloaded/uploaded. This aims to notify Secure Transfer users including Data Subject and ask their consent before obtaining personal data.
Right to be forgotten
Under GDPR article 17 "Right to erasure" (Commonly known as "right to be forgotten"), if the Data Subject makes a request, their personal data should be completely erased.
If you receive that kind of request while using the HENNGE One service, please contact HENNGE Customer Success Guide. We will also deal with the matter.
Procedure about how to display the pop-up window
To display the pop-up window to ask the user's consent, go to [Domain Information]> [Consent Screen] on the "Management" menu and enable the function. The Consent Statement is customizable.
A consent dialog for personal information will be displayed to guests on the download or upload screen.
*The statement in the above screenshots are only a sample and customers are requested to set your own consent statement.