Docugent is committed to putting in place all required changes in the app, on the website, and services by May 25, 2020. We have presented below, what Docugent will do to comply with the regulation, and what users of Docugent should know about GDPR.
What are the actions that Docugent is taking to comply with GDPR?
Docugent is dedicated to meet all the GDPR requirements and is committed towards protecting the privacy concerns of our app users, website and blog visitors.
Out checklist for GDPR compliance before the regulation comes into effect:
| Task | Status |
|---|---|
| Familiarize ourselves with the full text of the regulation. | COMPLETED |
| Refer legal communities that cover GDPR related topics. | COMPLETED |
| Nominate Data Protection Specialist: We've nominated our Chief Information Officer for the role. Email: [email protected] | COMPLETED |
| Make necessary changes to our Privacy Policy and Terms of Service documents. | COMPLETED |
| Make a list of all the in-app areas that need to be managed and organized to comply with the regulation | COMPLETED |
| Make a list of all the areas on the website and blog that need to be updated to get in-line with the regulation | COMPLETED |
| Execute changes on the website and blog to make sure they are in-line with the GDPR rules | COMPLETED |
| Implement pseudonymization to protect the user's data which do not have a compulsion to be kept in its original form | COMPLETED |
| Ensure protection of personal data of Docugent users | COMPLETED |
| Create a standard Data Breach Response plan | COMPLETED |
Role of Docugent in data protection?
Docugent is defined as:
1) data administrator in relation to Docugent users and businesses;
2) data processor in relation to the data owners whose personal data is uploaded to Docugent and used in reports by its users. It implies that as a company, we superintend a couple of matters:
Docugent needs to update its users and businesses whenever a third party takes part in processing their personal data.
Docugent is liable to immediately inform the data administrator (the user) in case someone from the user's organization, contacts Docugent to stop the outreach.
Docugent permits the ‘right to be forgotten' and the ‘right to assist in data deletion' on a special request. As Docugent user or administrators, you may request your personal data change or deletion. The detailed instruction on how to exercise those rights can be found below in the section Adequacy, relevance, limitedness of the GDPR Compliance.
Docugent will address any violation of GDPR reported at [email protected]
What is GDPR?
The General Data Protection Act (GDPR) is being introduced by the European Union to regulate how personal data can be processed. Its goal is to ensure data protection of the people who live in the EU.
Why is there a need for GDPR?
EU data protection rules have not been changed over last two decades. There are two main reasons why the EU legislative branch decided to upgrade the existing regulations.
The reach of technology is global in today's era – personal data processing is present everywhere in today's digital world making existing regulation outdated;
According to a survey taken by Eurobarometer in 2011, 75% of people want to exercise their right to be forgotten. 90% believe that it's necessary to standardize the rights related to personal data protection (source).
Kinds of information under protection?
The scope of GDPR covers natural persons and their rights. It excludes business entities or organizations and processing of their data.
It protects processing of below mentioned personal data:
- Name
- Age
- Address
- Phone number
- Company Name
- Job title
Also indirect identifiers including physiological, mental, physical, genetic, economic, cultural and social identity. Hence, it protects any information using which one can identify the individual.
What does ‘processing' mean?
‘Processing' relates to personal data “collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,” as in Article 4 (2) of the regulation.
Lawful basis for data processing
Processing personal data, in compliance with GDPR, requires one to follow the principles below:
Lawfulness Fairness Transparency Adequacy Relevance Limitedness Accuracy Storage Limitation Integrity Confidentiality.
Here is how Docugent falls in line with these principles and what all you should know to use Docugent in accordance with GDPR.
Lawfulness, fairness, and transparency
Being a Data Processor, Docugent remains clear and fair when processing data of its subscribers and users. On completing the signup process, every Docugent user and subscriber receives notification that the personal data they provide will be processed in ways specified by Terms of Service and Privacy Policy.
As data administrator, users must ensure that their actions have a clear and legitimate purpose to it. It is a must to have a valid reason to process personal data of EU citizens. One should also be able to explain the entire process of collecting the required data.
Adequacy, relevance, limitedness
Docugent only processes the data necessary with respect to the purpose of the of the objective and does not collect any sensitive data such as gender, ethnic background, race, political views, etc.
A given user data is processed till the user has a Docugent account, or they report a request to avail their right to erasure, which initiates a process to removes their data from our user base.
Docugent processes its users from the moment they submit their consent for it and is processed until a user requests to be removed from the same.
How Docugent users can change or remove their personal data?
- Account administrators can delete users from the account
- Uploaded videos can be managed and deleted from My Contents
- Terminated accounts are retained for 30 days to assist with service reactivation. After 30 days have passed the account is permanently deleted
Docugent users can edit their account name or change their password by visiting “My Profile” section in the web app, after logging in. To request deletion of their data, a user can contact the support team at [email protected].
Our support team is available 24X7 in case you need any help. For any queries email us at [email protected] to get instant help.