Q: What is the GDPR?
A: The GDPR is an expansive regulation established within the European Union on behalf of its citizens and overseen by a Supervisory Authority. Many other countries, including the U.S., have agreed to abide by its requirements or suffer stiff fines. The GDPR is the most far-reaching privacy regulation implemented to date, both in terms of its global adherence and its approach.
Q: How is the GDPR different from other regulations?
A: The GDPR differs from previous directives in a few ways. First, it provides greater rights to data subjects in the following ways:
- Data subjects must be given specific information as to what data is collected, what will be done with that data, and to whom (the recipient) their data may go, and must provide express consent for their personal data to be collected.
- Data subjects have the right to request what information has been obtained from them, request that any errors be corrected, take their data with them (data portability), and have their data deleted upon their request (right to erasure).
Second, whereas previous regulations may have resulted in some software or administrative changes to comply, the GDPR positions companies to take a much more proactive, end-to-end approach to security and privacy in designing systems and technology around privacy as opposed to addressing privacy in a reactive or peripheral way.
Third, the notification process for data breaches requires impacted consumers to be notified within 72 hours. The Supervisory Authority must be informed as well. The notification should include what data was compromised, how and when the breach occurred, and what remediation has taken or will take place.
These are just a few, but important, ways the GDPR is different from previous regulations.
Q: What does SmartFile do with my data?
Q: Can I count on SmartFile to assist and support my company’s GDPR efforts?
A: SmartFile serves business customers. Our role is generally acting as a Data Processor for these customers, who are in the role of Controller. As a Data Processor, however, privacy is very important to us and we are prepared for GDPR. While SmartFile can’t be responsible for the GDPR compliance of other companies, we can support your business as it seeks to meet the GDPR requirements by maintaining our own internal policies and privacy efforts. We can also assist you with requests you may have for data, as well as providing help and technical assistance for using the SmartFile system effectively to manage the files you store, which may include personal data. For more information on SmartFile as a Data Processor, please E.
Q: Does SmartFile offer a Data Processing Addendum (DPA)?
A: Yes. For more information on how customers may enter into the SmartFile Data Processing Addendum, please contact support.