Here at Drives and Controls, we take your data privacy and security very seriously. We’re currently preparing for the European General Data Protection Regulation (GDPR), which is coming into force on May 25th 2018.
Is Drives and Controls going to comply with GDPR?
Yes, we can guarantee that we will be fully compliant with GDPR regulations by May 25th, 2018.
What exactly is GDPR?
The General Data Protection Regulation (GDPR) is the result of years of work by the European Union to unify and strengthen data protection for all citizens within EU borders.
GDPR gives you more control over how your data is used, while to us it will constitute a change of the legal environment in which we operate. That makes this change desirable and very beneficial to both parties, regardless of it being mandatory.
Our company is doing everything to ensure that our product, policies, and procedures will be compliant with those regulations before they will become enforced on May 25th 2018.
Feel free to have a read from the official GDPR description here: Wikipedia
So how does GDPR work?
First of all, GDPR affects and applies to every single organisation that processes personal data of EU citizens, whether kept within the EU or outside of it. Any person-related information that can be used to identify is subject to GDPR regulation and its job is to ensure that processing any personal data (collecting, transferring, storage, and use) is made in the most secure way possible.
GDPR is in place to prevent any kind of data leakage or violation and will ensure that every company maximises their security around customers' data.
What is Drives And Controls doing to be prepared?
We want to focus on giving you the tools to choose what you wish to do with the data and to what extent you wish to provide or process it. We are undergoing an entire process of evolving into a better product by working alongside our attorneys and GDPR advisers, which will ensure that everything is top-notch and fully compliant.
That is not a process that can happen overnight, so we're very grateful for your understanding. Just hang in there and we’ll be done sooner than you think. It will require a lot of changes in our company, most of which will not affect you as a customer in any noticeable way. The changes will have no impact on the user-side of things, but we will keep you updated on those nonetheless - so check back for updates soon!
What do I need to do?
If you wish to speak with a member of staff via "Live Chat" you will now have the option to agree to the new terms and conditions of this service.
These terms and conditions are as follows: Drives and controls will hold your chat record for five (5) years, this can be deleted at your request at any time by leaving a note when the chat has finished. Our chat will show a rough location of where you are contacting us for for the duration of your chat, once the chat as ended we can no longer see this information.
Other than that we will not require anything to be done on your end; we want to make sure that this process is done as smoothly as possible for both all parties involved.
A few examples of what GDPR requires, imposes, or provides:
Expanded individual rights
GDPR grants expanded rights for individuals in the European Union by allowing them, amongst other things, the right to be forgotten and the right to request a copy of any personal data stored in their database.
GDPR requires all organisations to implement appropriate security policies, keep records on data activities, and enter into written agreements with vendors to make sure that data is protected.
Data breach notifications
GDPR requires organisations to report certain data breaches to data protection authorities and, under certain circumstances, to the affected data subjects.
New requirements for profiling and monitoring
GDPR imposes additional obligations on all organisations engaged in profiling or monitoring behavior of EU individuals.
GDPR provides a central point of enforcement for all organisations operating in the EU or processing data of EU individual member states by requiring companies to work with a supervisory authority for cross-border data protection issues.
Frequently Asked Questions
Q: What is the EEA?
A: The EEA (European Economic Area) is the area in which the Agreement on the EEA provides the free movement of persons, goods, services, and capital within the European Single Market, including the freedom to choose residence in any country within this area. The EEA was established on January 1st 1994 upon the EEA Agreement having come into force. You can read more about the EEA here - Wikipedia
Q: Where is your data and applications stored?
A: All our data is stored on servers located in USA by Big Commerce - Europe are not allowed to send user’s personally identifiable information (PII) outside Europe unless that data is adequately protected. Once that data is outside Europe, it can’t be shared with another company or organisation, unless that organisation has also demonstrated that they will adequately protect the data.
Q: Do you transfer data between data centres?
A: No, we do not.
Q: Is you data encrypted both at rest and in transit?
A: Data transfer is always processed with encrypted protocols and takes place on a private secure server. Data at rest is encrypted.
Q: Who can access my data? Under what circumstances does that happen and what do they see?
A: No unauthorised personnel has access to the data. Access is only granted to the technical team who is responsible for server stability. Access to those is monitored and tracked in our activity log.