{"id":6967,"date":"2017-11-22T16:37:06","date_gmt":"2017-11-22T15:37:06","guid":{"rendered":"https:\/\/www.combell.com\/en\/blog\/?p=6967"},"modified":"2023-05-16T14:30:06","modified_gmt":"2023-05-16T12:30:06","slug":"gdpr-what-you-should-know-as-a-combell-customer","status":"publish","type":"post","link":"https:\/\/www.combell.com\/en\/blog\/gdpr-what-you-should-know-as-a-combell-customer\/","title":{"rendered":"GDPR: what you should know as a Combell customer"},"content":{"rendered":"<p>The <em>General Data Protection Regulation<\/em> (<strong>GDPR<\/strong>) has far-reaching consequences. But what are the implications of this new European regulation for your relationship with Combell?<\/p>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">Key principles of the GDPR<\/h2>\n<p>Over the last few months, almost everyone in the sector has been talking about the fact that a major new European regulation, called the <strong>General Data Protection Regulation<\/strong> (GDPR), will come into force on <strong>25 May 2018<\/strong>. By now, you are probably familiar with its key principles:<\/p>\n<ul>\n<li><strong>The same rules apply to the whole EU<\/strong>; if data from EU citizens are processed by businesses outside of the EU, the GDPR still applies<\/li>\n<li>The definition of <strong>\u201cpersonal data\u201d is now broader<\/strong>: it includes data types such as IP addresses and sensitive data such as data concerning a person\u2019s health or cultural identity<\/li>\n<li><strong>The collection of data is subject to strict regulations<\/strong>, which means you cannot purchase or create lists of information any way you like: users must provide explicit consent and are allowed to access their data and have them erased<\/li>\n<li>In the past, data breaches were usually disregarded, but today <strong>heavy<\/strong> <strong>fines<\/strong> can be imposed. 
If the collected data are processed incorrectly, if a serious data breach is not notified or if the company did not undergo a risk assessment, a fine of 2% of annual turnover can be imposed. For more severe infringements, the fine can be up to 4% of annual turnover or up to an amount of 20 million euros, whichever is higher.<\/li>\n<\/ul>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">New definitions: Data Processor, Data Controller and Data Subject under the GDPR<\/h2>\n<p>It is not easy to understand how this new regulation will affect the relationship between you and Combell, because both Combell and your company (as a Combell customer) alternately assume different roles, as set out in this regulation.<\/p>\n<ul>\n<li><strong>Data Controller<\/strong> = the owner of the data, the person who collects the data. As a Combell customer, you collect, for example, the names, addresses and payment information of your users, which makes you a Data Controller.<\/li>\n<li><strong>Data Processor<\/strong> = the organisation where the data is stored, or which processes them, in a manner defined by the Controller. As a Combell customer, you ask us to back up the data of your users; in this case, Combell is the Processor. The Processor remains responsible for the correct application of the GDPR when the Processor appoints a third party (the sub-processor) to process the data.<\/li>\n<li><strong>Data subjects<\/strong> = the persons whose personal data are processed.<\/li>\n<\/ul>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">The obligations of Combell customers as Data Controllers under the GDPR<\/h2>\n<p>The first thing you need to do is <strong>check if you are allowed to process the data<\/strong>. 
That means data collection and processing occurs because<\/p>\n<ul>\n<li>it is part of the obligations of a contract;<\/li>\n<li>you have received explicit consent from the data subject (no opt-out!);<\/li>\n<li>you are meeting a legal obligation;<\/li>\n<li>it is relevant for the personal safety or health of the data subject;<\/li>\n<li>it is in the public interest or in your legitimate interest (e.g. to be able to identify people responsible for hacking, fraud, etc.)<\/li>\n<\/ul>\n<p>Next, you also need to ascertain that the <strong>data are well protected<\/strong>. If you want to meet the ISO 27001 requirements, you will have to work with an Information Security Board and\/or a Security Officer, in order to draw up a Risk Assessment report.<\/p>\n<p>And finally, you should <strong>notify a data breach immediately<\/strong>. In such cases, the following rules shall apply:<\/p>\n<p><strong>A data breach is any breach of security <\/strong>(leaks, hacks\u2026) resulting in data being destroyed, lost, altered, unlawfully disclosed or accessed by unauthorised persons.<\/p>\n<p><strong>You must notify the breach<\/strong><\/p>\n<ul>\n<li>to the data subjects (your customers)<\/li>\n<li>to the authorities.<\/li>\n<\/ul>\n<p class=\"has-gray-faded-background-color has-background\">For Belgium: the website of the&nbsp;<a href=\"https:\/\/www.privacycommission.be\/en\/contact-us\" target=\"_blank\" rel=\"noreferrer noopener\">Commission for the protection of privacy<\/a>. For the Netherlands: the&nbsp;<a href=\"https:\/\/datalekken.autoriteitpersoonsgegevens.nl\/\" target=\"_blank\" rel=\"noreferrer noopener\">online notification to the Dutch Data Protection Authority<\/a>.<\/p>\n<p><strong>You need to notify the breach within 72 h.<\/strong> The GDPR recognises that, during this period, you will probably not yet have gathered all the information about the incident. 
However, your first notification should include the following information:<\/p>\n<ul>\n<li>the nature of the breach<\/li>\n<li>the number of data subjects concerned<\/li>\n<li>the likely consequences of the breach for the data subjects concerned<\/li>\n<li>the measures you have already taken<\/li>\n<li>the extra measures you plan to take<\/li>\n<\/ul>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-large\"><img decoding=\"async\" src=\"https:\/\/www.combell.com\/nl\/blog\/files\/2017\/11\/COMBELL_Personeel2016_5392-683x1024.jpg\" alt=\"Veerle Van Hecke, person responsible for GDPR at Combell\" class=\"wp-image-14409\"\/><\/figure>\n<\/div>\n<\/div>\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAs of 25 May 2018, you will have to notify data breaches within 72 hours on pain of (heavy) fines. We will help you identify the data sets you are responsible for.\u201d<\/p>\n<p><cite>Veerle van Hecke, GDPR Data Controller at Combell<\/cite><\/p><\/blockquote>\n<\/div>\n<\/div>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">The obligations of Combell as a Data Processor under the GDPR<\/h2>\n<p>Combell is the Processor of the data you collected as a Data Controller. We therefore have several obligations, such as:<\/p>\n<ul>\n<li>keeping logs of your data we process (e.g. 
making backups)<\/li>\n<li>notifying you (the Data Controller) about breaches of your data sets that are hosted on a platform managed by us, and assisting you in making the notification to the Data Subjects (the extent of this help may depend on the service package you purchase)<\/li>\n<li>making sure that Sub-Processors (third parties we hire to process the data) operate in accordance with the GDPR<\/li>\n<\/ul>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cYou and Combell need to agree on the roles (Processor or Controller under the GDPR) of each party in advance when it comes to data hosted on a platform managed by Combell.\u201d<\/p>\n<\/blockquote>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">The Combell customers as Data Subjects under the GDPR<\/h2>\n<p>Finally, you should also remember that Combell processes personal data about you, our customer \u2013 a (technical) contact from your company, for instance. In this role, as a Data Subject, you have the <strong>rights<\/strong> listed below, and it is our <strong>duty<\/strong> as a Data Controller and Processor to react thereto as described below:<\/p>\n<ul>\n<li><strong>You have the right to have your data erased<\/strong>, e.g. when the personal data are no longer necessary in relation to the purposes for which they are collected. 
In that case, not only will we have to erase the data from our systems, but we will also have to ask any other subcontractor to erase the data from their systems.<\/li>\n<li><strong>You have the right to request information about these data<\/strong>, such as the period for which your data will be stored, the purposes of their processing, and the information about the persons\/organisations that can access your data.<\/li>\n<li><strong>You have the right to access your data (at reasonable intervals)<\/strong> and have them rectified. You can also transfer your data to another Processor. Depending on the circumstances, Combell will give you secure access to your data or deliver you a copy thereof in an industry-standard format, such as a csv file.<\/li>\n<\/ul>\n<p>Keep in mind that in case of a data breach, the GDPR requires you to notify the incident within 72 hours after having become aware of it. The extent to which Combell will assist you depends on the technological and organisational measures set out in your service package. Have a quick word about this with your account manager!<\/p>\n<p>For feedback or questions about your specific situation (e.g. a private cloud solution), <a href=\"https:\/\/www.combell.com\/en\/about-combell\/contact\" target=\"_blank\" rel=\"noopener\">feel free to contact us<\/a>.<\/p>\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<h2 class=\"wp-block-heading\">Discover the easiest way to comply with privacy legislation<\/h2>\n<p>If you want to create your own privacy policy and cookie banner in no time, we recommend <a href=\"https:\/\/www.combell.com\/en\/iubenda-compliance-manager\"><strong>iubenda<\/strong><\/a>. This compliance software, <strong>managed by a team of international lawyers<\/strong>, is a sister company of Combell. So, you can count on the same service. 
\ud83d\ude04<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/www.combell.com\/en\/blog\/files\/iubenda-scan.png\" alt=\"iubenda-scan\" class=\"wp-image-10770\" width=\"600\" srcset=\"https:\/\/www.combell.com\/en\/blog\/files\/iubenda-scan.png 1400w, https:\/\/www.combell.com\/en\/blog\/files\/iubenda-scan-300x214.png 300w, https:\/\/www.combell.com\/en\/blog\/files\/iubenda-scan-1024x731.png 1024w, https:\/\/www.combell.com\/en\/blog\/files\/iubenda-scan-768x549.png 768w\" sizes=\"(max-width: 1400px) 100vw, 1400px\" \/><\/figure>\n<\/div>\n<p>With iubenda, you can generate all the necessary documents and tools and automatically keep them in line with changes in the law. It is perhaps the easiest way for your website or webshop to comply with the GDPR legislation and other privacy laws.<\/p>\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-1 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-yellow-background-color has-background\" href=\"https:\/\/www.combell.com\/en\/iubenda-compliance-manager\">Discover all possibilities of iubenda<\/a><\/div>\n<\/div>\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The GDPR has far-reaching consequences. 
But what are the implications of this new European regulation for your relationship with Combell?<\/p>\n","protected":false},"author":1,"featured_media":10778,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","footnotes":""},"categories":[61,67,62,66],"tags":[221,419,281],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer.jpg",1200,420,false],"thumbnail":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-50x50.jpg",50,50,true],"medium":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-300x105.jpg",300,105,true],"medium_large":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-768x269.jpg",768,269,true],"large":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-1024x358.jpg",1024,358,true],"1536x1536":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer.jpg",1200,420,false],"2048x2048":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer.jpg",1200,420,false],"post-featured":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-850x290.jpg",850,290,true],"post-featured-opt":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-750x256.jpg",750,256,true],"post-featured-opt-md":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-850x290.jpg",850,290,true],"post-featured-opt-sm":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-485x165.jpg",485,165,true],"post-featured-opt-xs":["https:\/\/www.combell.com\/en\/blog\/files\/What
-you-should-know-about-GDPR-as-a-Combell-customer-375x128.jpg",375,128,true],"post-most-popular":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-50x50.jpg",50,50,true],"post-author":["https:\/\/www.combell.com\/en\/blog\/files\/What-you-should-know-about-GDPR-as-a-Combell-customer-60x60.jpg",60,60,true]},"uagb_author_info":{"display_name":"Combell","author_link":"https:\/\/www.combell.com\/en\/blog\/author\/blogadmin\/"},"uagb_comment_info":1,"uagb_excerpt":"The GDPR has far-reaching consequences. But what are the implications of this new European regulation for your relationship with Combell?","_links":{"self":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts\/6967"}],"collection":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=6967"}],"version-history":[{"count":10,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts\/6967\/revisions"}],"predecessor-version":[{"id":10783,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/posts\/6967\/revisions\/10783"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/media\/10778"}],"wp:attachment":[{"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=6967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=6967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.combell.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=6967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}