We at iKnock understand the bearing of compliance requirements on your organization. We are therefore devoted to developing and delivering features that will assist your organization in its compliance strategies. We support not only GDPR but all your compliance needs.
The General Data Protection Regulation (GDPR) is an EU-wide regulation that controls how companies and other organizations handle personal data. It is the most significant initiative on data protection in 20 years and has major implications for any organization in the world serving individuals from the European Union.
To give people control over how their data is used and to protect “fundamental rights and freedoms of natural persons”, the legislation sets out strict requirements on data handling procedures, transparency, documentation and user consent.
As a data controller, any organization must keep a record of and monitor personal data processing activities. This includes personal data handled within the organization, but also by third parties, the so-called data processors.
Data processors can be anything from Software-as-a-Service providers to embedded third-party services that track and profile visitors on the organization’s website.
Both data controllers and processors must be able to account for what kind of data is being processed, the purpose of the processing and to which countries and third parties the data is transmitted.
If personal data is being sent to organizations or jurisdictions beyond the reach of the GDPR or that are not deemed ‘adequate’ by the GDPR, one must inform the user specifically about this and the risks involved.
No processing of sensitive personal data is allowed without a person’s explicit consent. For non-sensitive data, implied consent will do. In either case the consent must be freely given on the basis of clear and specific information about data types and purpose, and always before any processing takes place, also known as ‘prior’ consent. All consents must be recorded as evidence that consent has been given.
Individuals now have the “right of data portability” and the “right of data access” along with the “right to be forgotten”, and can withdraw their consent whenever they want. In such a case the data controller must delete the individual’s personal data if it’s no longer necessary to the purpose for which it was collected.
In case of a data breach, the company must be able to notify data protection authorities and affected individuals within 72 hours.
Furthermore, GDPR imposes an obligation on public authorities, organizations with more than 250 employees and companies processing sensitive personal data on a large scale to employ or train a data protection officer (DPO). The DPO must take measures to ensure GDPR compliance throughout the organization.
Because they collect personal data from visitors or other users for their organization’s use, iKnock clients are considered data controllers. iKnock, which provides a software application to facilitate the data collection from our customers’ visitors, is considered the Processor. As Processor, it is our responsibility to help our Controller clients so that they may be compliant with the GDPR.* We assist you in your GDPR compliance efforts in the following ways:
In order to resolve a complaint regarding GDPR compliance or to receive further information regarding it, please contact us at firstname.lastname@example.org
*The iKnock solution and service may be used to assist customers with compliance matters in certain circumstances, but the configuration and use of the service and compliance with the rest of the respective requirements are solely the responsibility of each client. iKnock disclaims any and all liability and responsibility for compliance with any rules, laws, standards, and regulations.