What is the GDPR?
GDPR is a new EU regulation that intends to strengthen and unify data protection and protect everyone’s fundamental right to privacy and protection of their personal data. To that end, we have made some updates to our security and data processes in order to ensure full compliance with GDPR. Please note that these changes are in place for ALL Regpack clients, not just European clients. While compliance isn’t required for organizations that are not based in the EU and don’t have users in the EU, we believe these updates benefit everyone, and we can all enjoy extra data protections for our businesses. Furthermore, if you hold information on even one EU citizen, the GDPR rules apply to you. Since it is often not possible to know the citizenship of all your users, we are applying the rules to all organizations using Regpack. Below is a short summary of the changes we’ve made:
Regpack Security Page
Our Security page is updated with our security protocols and how we encrypt data to protect sensitive personal information. You can view that here.
Data Deletion Tool
In compliance with GDPR, any user can request that their data be deleted from your systems. This must be done within 1 month of their request, free of charge. We are rolling out a tool in the coming weeks that will allow you to purge a user’s data upon that user’s request. Please note that once data is deleted, you cannot retrieve the information and it is lost forever. Please be careful when using this tool. Please note that, further to the GDPR requirement of only holding data you need, if you cancel your Regpack account, all data, including ALL user data, will be purged IMMEDIATELY upon confirmation of cancellation.
Data Processing Agreement - Your Action is REQUIRED
In the coming days all Regpack account owners will be asked to sign 2 documents:
- Data Processing Agreement: this document lays out the data protection measures Regpack has taken and what data protection measures you are required to take.
- Service Agreement: this is the same service agreement you received when onboarding. It has been updated with additional language regarding data security.
We must have these agreements signed in order for your account to remain active. Once signed, you can view the agreements at any time under Settings → Bill for further reference.
Regpack Employee Access
According to the GDPR, data should only be exposed to individuals who are allowed to view it. To that end, Regpack will be updating its internal permissions, and Regpack employees will be limited in the scope and type of data they have access to. This includes, but is not limited to, the inability to export any type of report or to view user data without consent, and other security measures.
Admin Account Security
Further to the GDPR requirement that data is exposed only to people who need to see it, Regpack will be enhancing its admin login security measures to make sure that your account is always safe and that no data can get into the wrong hands. In the coming days, the system will be updated to include an advanced algorithm that detects possible account security threats. If a potential security issue is detected, you will need to approve your access to the system by entering a code that will be sent to your admin email. This 2-step verification will happen every time the algorithm detects a possible problem. Please note that when activated, the algorithm might ask you to complete this step even when there is no possible threat, just to calibrate itself according to your usage patterns. Please note that if the algorithm detects a repeated threat to your admin account, it will lock the account down for manual investigation. This is done to protect you and your users’ data.