Important information: Updates to our General Terms of Service (“ToS”)
The new updated version will apply to all new customers from the publishing date on January 15, 2019.
For existing Customers, the changes will become effective on the date as stated in the ToS.
We are also happy to announce that our Data Protection Agreement (DPA), which sets the terms on how Personal Data is processed between Netigate and our Customers, is now a part of the ToS. This is important for the compliance to GDPR for Netigate and for our Customers and provides an effortless way for You to handle commissioned data for processing when using Netigate.
For existing Customers with valid DPA’s, the old DPA’s will still maintain effective, and you will be contacted should any changes or amendments be needed.
For Customers of Netigate Deutschland GmbH separate Terms of Service apply (DACH, Deutsch).
Für Kunden der Netigate Deutschland GmbH gelten diese Allgemeinen Geschäftsbedingungen.
Through the usage of Netigate both we and our customers contact a large amount of respondents. It is very important that our survey tool users show respect towards the respondents and their integrity. To maintain the highest level of quality in Netigate and security for our customers, we have strict rules and policies that our users must follow. Please contact Netigate to receive your copy of the Netigate General terms and conditions.
Stockholm – Head office
111 51 Stockholm
Phone: +46 (0)8 411 71 10
Security is a highly prioritized area for us and we continuously work to maintain the highest level of security. Our servers are hosted by one of the leading providers in Sweden. All data is currently backed up and stored in multiple locations. Netigate provide systems that discover any attempts to intrude and immediately notify us if that situation should occur. Access to the service is blocked while the investigation takes place.
The general terms and conditions regulate the usage of Netigate. We care about our customers and the respondents that receive surveys through Netigate. Therefore we have a strict policy against spam.
The information contained in this website (not the survey tool) is for general information purposes only. The information is provided by Netigate AB in Sweden and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you might be able to link to other websites which are not under the control of Netigate AB, Sweden. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Netigate AB in Sweden, takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
In the following, we would like to inform you about the processing of personal data in line with the usage of our Internet pages. According to Article 4 of the General Data Protection Regulation (GDPR), “personal data” is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”), which can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The legal basis of data protection can be found in the GDPR.
The party responsible for this website (“the controller”) is Netigate AB (Swedish Org. ID 556576-0997, below called Netigate, US or WE, Address: Drottninggatan 29, SE-11151, Stockholm, Sweden).
In order to be able to offer you our website and the associated services, we process personal data on the following legal basis:
We will refer to the respective terminology in the context of the respective processing, so that you can classify the basis on which we process personal data.
If personal information is processed by you based on your consent, you have the right to revoke your consent to us at any time with future effect.
If we process data based on a legal balance of interests, you, as the person concerned, have the right to object to the processing of your personal data, considering the requirements of Article 21 GDPR.
Netigate will generally process personal information transmitted to or collected by us to meet our legal or contractual obligations to our customers, employees and suppliers and to provide our services
This includes the following cases:
If you apply through our website, we will process personally identifiable information about you for the purpose of your application for employment, to the extent that this is necessary for the decision to establish an employment relationship with us. The legal basis is § 26 para. 1 in conjunction with para. 8 sent. 2 BDSG.
Furthermore, we may process personal data about you, as far as this is necessary to defend against asserted legal claims from the application process against us. The legal basis is Art. 6 para. 1, letter f DSGVO; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Insofar as employment arises between you and us, pursuant to § 26 (1) BDSG we may further process the personal data you have already received for employment purposes, if this is necessary for the execution or termination of the employment relationship, or for performance or fulfilment of required by law or a collective agreement, an operating or service agreement (collective agreement) and duties of employee representation.
However, it can be necessary to store data in order to fulfil contractual obligations to examine warranty and guarantee claims. In addition, it is indispensable to store data to grant or defend the mentioned claims.
In order to comply with the statutory retention period, a deletion shall only be carried out after expiration of the respective retention period.
If you have sent us your job applicant data, we will store your personal data for the duration of the application process. If the application does not result in a job offer, we may also continue to store data as required to defend against possible legal claims. The application documents will be deleted six months after a rejection decision has been communicated to the candidate, unless a longer storage due to litigation is required.
When answering our surveys, the personal information registered in the tool is
No personal information will be shared to a third party unless specifically stated in the survey or without your specific consent. If required by law, personal information may be submitted to local authorities upon request.
When you visit our website we may process personal data in order to be able to provide a user friendly experience of the website on your device.
For the pages to be displayed in your browser, the IP address of the device you are using must be processed. There is also more information about the browser of your device.
In terms of data protection, we are also obliged to guarantee the confidentiality and integrity of personal data processed using our IT systems.
For this purpose, the following data are logged based on a legal balance of interests:
The IP address will be deleted after 7 days at the latest from all systems used in connection with the operation of this website, except the chat which needs to store the IP address longer to keep the chat history. A chat history is deleted after 3 months. We can no longer produce a personal reference from the remaining data.
The data is also used to detect and correct errors on the website.
We offer a contact form on our website where you can request information about our products or services or contact us in general. The data required by you to answer a request has been marked as mandatory. Information on further data fields is voluntary.We need this information to process your request, to contact you correctly and to provide you with an answer. The data processing takes place with concrete inquiries to the fulfillment of a contract or the contract signing. For general inquiries, the processing is based on a comparison of interests.Inquiries received via the contact form on our website will be electronically processed by us to answer your request. In connection with this, other persons or departments and possibly third parties may also receive knowledge of the form contents that you have sent.The transmission of the data form is done safely via encrypted internet connections.
When you open a free account at Netigate, you consent to Netigate’s General Terms of Service and Data Processing Agreement.
We offer the opportunity to register to open a free account directly on our website with a double opt-in. The data entered (name, company name, phone number, email address and password) during your registration is encrypted, collected and stored solely for the use of our services. If you choose to register on our website, we will save the date and time of registration. This serves as a protection, in case of a third party abusing your data and making a registration on our website without your knowledge. The legal bases for the processing are Article 6 (1) (b) and Article 6 (1) (f). GDPR.
We might add the functionality to subscribe to an email newsletter on our website. In addition to the voluntary information in the respective form, we only process your email address. This is necessary in order to be able to send you the newsletter.
Existing clients will receive email information from us including newsletters with product updates and other information.
When you contact us, you will be added to our email list as it may, according to Article 6 (1) (f) GDPR, be deemed of interest. You can unsubscribe from the newsletter at any time. Alternatively, you will find a link to unsubscribe in each newsletter email.
To be able to analyse the popularity of our newsletter releases and optimise them, we log when emails are opened, and links are clicked. This usage analysis is based on a balance of interests. You can object to this processing by unsubscribing from the newsletter.
Cookies are used on our website. Cookies are small text information stored in your device via your browser. Cookies are required to enable certain features of our website.
As far as you have data opposite us e.g. voluntarily provide in forms and these are not required for the performance of our contractual obligations, we process these data in the legitimate assumption that the processing and use of this data in your interest.
Data that you provide to us will generally not be disclosed to third parties. In particular, your data will not be disclosed to third parties for their advertising purposes.
However, we may use service providers for the operation of this website or for other products or services. Here it can happen that a service provider receives knowledge of personal data. We carefully select our service providers – in particular with regard to data protection and data security – and take all data protection measures necessary for permissible data processing.
We are using the following service providers for our site:
This website uses the web analytics tool Google Analytics provided by Google, Inc. (“Google”). The purpose of the assignment is the “needs-based design” of this website, which is carried out on the basis of a balance of interests. The web analysis also allows us to fix website errors, e.g. to recognize and correct faulty links. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow analysis of how users use the site. In this case, so-called. “Client IDs” are used, which serve to create pseudonymous user profiles that collectively cover the use of the Internet pages by desktop computers and mobile devices by a user.
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Since we have activated the so-called IP anonymisation on this website and have concluded a corresponding order processing contract with Google, your IP address will be shortened beforehand by Google within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will not associate your IP address with any other data held by Google.
Google is certified according to the so-called “Privacy Shield” ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI). A reasonable level of privacy is guaranteed by Google.
You may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the link below (http://tools.google.com/dlpage/gaoptout?hl=en) to download and install the available browser plugin. This also excludes you from remarketing.
Alternatively, you can – especially with mobile devices – prevent the collection by Google Analytics by clicking on the following link: https://tools.google.com/dlpage/gaoptout/
An opt-out cookie is then set, which prevents the future collection of your data when visiting this website.
For more information about the Google Analytics terms of service and privacy notices, please visit: https://policies.google.com/privacy.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
We do not use any of the following when you are an existing customer based on your logged in behaviour in the Netigate tool. This section applies to our general site experience.
Custom Audience ads
We may show you interest-based advertising with your permission when you are using Facebook through their service called Custom Audience Tool, which enables us to personalise our ads or remarket based on the sections of the site you visit for example.
We may also use this to create similar audiences in our marketing.
Our website use the Conversion tracking pixel from Facebook which means that after clicking on a Netigate ad we are able to track the return on investment and pass user defined and application-specific events to Facebook for reporting and statistical purposes. This data is processed by Facebook and at this time they can according to their Data Use Policy use the data for their own advertising purposes. This is done through the placement of a pixel or cookie.
To remove yourself from this usage (only users above age 13 can give permission) you can do this here: https://www.facebook.com/ads/website_custom_audiences/
We may if you have given permission use Googles customer match to adapt or exclude users from our marketing.
Read more about how Google uses this data (https://support.google.com/google-ads/answer/6334160?hl=en&ref_topic=6296507)
With your permission we may also apply the same logistics as with Google and Facebook in LinkedIn, read more about custom audiences and remarketing here: https://business.linkedin.com/marketing-solutions/ad-targeting/matched-audiences
The LinkedIn Insight Tag can collect data, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days.
To opt our from interest based marketing on LinkedIn this can be done here:
We use so-called Google webfonts on our websites. It downloads fonts from Google servers, which serve to improve the design of the website. The data processing takes place on the basis of a balance of interests, whereby our interest lies in an attractive design of the Internet.
These fonts are downloaded from Google servers, which are usually located in the United States. The adequate level of data protection is guaranteed by Google (list entry “Privacy Shield”).
We process the aforementioned data for the operation of our website and for the fulfillment of contractual obligations towards our customers or the preservation of our legitimate interests.
For inquiries from you outside an active customer relationship, we process the data for sales and advertising purposes. You may object to the use of your personal data for promotional purposes at any time.
If personal data is processed outside the European Union, you will be able to recognize this from previous information.
We are using all necessary technical and organizational security measures to protect your personal data from loss and misuse. Your data is saved in a secure operating environment that is inaccessible to the public. Furthermore, data is encrypted during the transfer by so-called Transport Layers Security (TLS). This means that an approved encryption procedure is used for communication between your computer and our servers.
As a responsible company we refrain from automatic decision-making or profiling.
Netigate Group appoints external Data Protection Officers. You can reach them as follows:
|Netigate AB||Netigate Deutschland GmbH|
|Drottninggatan 29||Untermainkai 27-28|
You have the following rights granted by the European directive and regulatory body. If you want to claim any of the rights below, please contact us at the address above.
You also have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data.
Cookies are small text files that can be used by websites to make a user’s experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
Data stored as necessary cookies are for example:
Our sites uses different types of cookies depending on the user session.
We may use the following cookie types: Session Cookies
These cookies are temporary and expire once you leave our site. Permanent Cookies
Permanent cookies may stay on your disk for some time (up to 12 months) after the session has ended. These cookies may hold data such as login details and contact information, so that you don’t have to type them in every time you use the site. We have cookies on the login page to the Netigate tool e.g for the purpose to recognise your login email, but none once you are in a logged-in mode in your account.First-party Cookies
First-party cookies are issued from Netigate’s domains. These cookies often serve to give memory to the website about your data and preferences.
Third-party cookies are cookies that are set by a website/service other than Netigate’s domains. We may use the information we obtain from your use of our cookies for the following purposes:(1) to recognise your computer when you visit our website;
(2) to track you as you navigate our website, and to enable the use of login and webforms on our website;
(3) to improve the website’s usability;
(4) to analyse the use of our website;
(5) to personalise our website for you;
(6) to save your cookie settings;
(7) to remarket our services on third party websites.
Cookie Declaration Cookie declaration was last updated on 2018-10-22 by Netigate AB
Necessary Cookies (6)
Necessary cookies help make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|__cfduid [x2]||ionicframework.com||Used by the content network, Cloudflare, to identify trusted web traffic.||1 year||HTTP Cookie|
|CookieConsent||netigate.net||Stores the user’s cookie consent state for the current domain||1 year||HTTP Cookie|
|JSESSIONID||nr-data.net||Preserves users states across page requests.||Session||HTTP Cookie|
|fonts||netigate.net||Determine what font-settings to use depending on visitor browser||Session||HTML Local Storage|
|__lc.visitor_id.#||netigate.net||Livechat cookie. This cookie is used in context with load balancing; this optimizes the response rate between the visitor and the site, by distributing the traffic load on multiple network links or disk drivers.||999 days||HTTP Cookie|
|lc_window_state||netigate.net||Livechat cookie. This cookie is necessary for the chat-box function on the website to function.||Session||HTTP Cookie|
Preference Cookies (15)
Preference cookies enables our website(s) to remember information that changes the way our website(s) behaves or looks, like your preferred language or the region that you are in.
|lang||ads.linkedin.com||Remembers the user’s selected language version of a website||Session||HTTP Cookie|
|lang||linkedin.com||Set by LinkedIn when a web page contains an embedded “Follow us” panel.||Session||HTTP Cookie|
|__livechat||livechatinc.com||Used to hide the user’s personal customisation of LiveChat.||3 Years||HTTP Cookie|
|__livechat_lastvisit||livechatinc.com||Stores when the user last used LiveChat.||3 Years||HTTP Cookie|
|3rdparty||livechatinc.com||Used to hide the user’s personal customisation of LiveChat.||Session||HTTP Cookie|
|main_window_timestamp#||livechatinc.com||Used to hide the user’s personal customisation of LiveChat.||Session||HTTP Cookie|
|recent_window||livechatinc.com||Used to hide the user’s personal customisation of LiveChat.||Session||HTTP Cookie|
|__lc_vv||accounts.livechatinc.com||Determins the LiveChat version.||Session||HTTP Cookie|
|__lc_cst||accounts.livechatinc.com||Livechat cookie. Used for storing the communication protocol.||3 years||HTTP Cookie|
|__lc_mcid||accounts.livechatinc.com||Stores the Livechat visitor ID||3 years||HTTP Cookie|
|__lc_mcst||accounts.livechatinc.com||Livechat cookie. Used for storing the communication protocol.||3 years||HTTP Cookie|
|lc_sso9739830||accounts.livechatinc.com||Used for storing the Livechat communication protocol||3 years||HTTP Cookie|
|message_text||livechatinc.com||Contains text typed by visitor before Livechat message is sent||Session||HTTP Cookie|
|notification[personal_invitation]||livechatinc.com||Livechat cookie. Used for synchronization between browser’s tabs in the old window.||Session||HTTP Cookie|
|notification[status_ping]||livechatinc.com||Livechat cookie. Timestamp of the last ping, information about agent availability and state of the visitor – during chatting session.||Session||HTTP Cookie|
Statistic Cookies (7)
Statistic cookies help us to understand how visitors interact with our websites by collecting and reporting information anonymously.
|_ga [x2]||netigate.net||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years||HTTP Cookie|
|_gat||netigate.net||Used by Google Analytics to throttle request rate||Session||HTTP Cookie|
|_gid [x2]||netigate.net, pardot.com||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||Session||HTTP Cookie|
|_omappvp||netigate.net||Used by the lead generation platform OptinMonster to determine if the visitor is returning and has visited the website before.||11 years||HTTP Cookie|
|collect||google-analytics.com||Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels.||Session||Pixel Tracker|
|vuid||vimeo.com||Collects data on the user’s visits to the website, such as which pages have been read||2 years||HTTP Cookie|
Marketing Cookies (20)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
|_hjIncludedInSample||netigate.net||Determines if the user’s navigation should be registered in a certain statistical place holder.||Session||HTTP Cookie|
|_omappvs||netigate.net||Used by the lead generation platform OptinMonster to determine if the visitor is visiting the website for the first time.||Session||HTTP Cookie|
|ads/ga-audiences||google.com||Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites.||Session||Pixel Tracker|
|bcookie||linkedin.com||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||2 years||HTTP Cookie|
|BizoID||ads.linkedin.com||This is a Microsoft MSN 1st party cookie to enable user-based content.||29 days||HTTP Cookie|
|bscookie||linkedin.com||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||2 years||HTTP Cookie|
|fr||facebook.com||Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.||3 months||HTTP Cookie|
|lidc||linkedin.com||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||Session||HTTP Cookie|
|MUID||bing.com||Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronising the ID across many Microsoft domains.||1 year||HTTP Cookie|
|MUIDB||bing.com||This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.||1 year||HTTP Cookie|
|om-session-pageviews||netigate.net||Used by the lead generation platform OptinMonster to count the number of pages viewed by the visitor.||Session||HTML Local Storage|
|om-session-start||netigate.net||Used by the lead generation platform OptinMonster to register the amount of time the visitor has spend on the website.||Session||HTML Local Storage|
|test_cookie||doubleclick.net||Used to check if the user’s browser supports cookies.||Session||HTTP Cookie|
|UserMatchHistory||ads.linkedin.com||Unclassified||29 days||HTTP Cookie|
|visitor_id# [x2]||netigate.net, Pardot.com||Unclassified||10 years||HTTP Cookie|
|visitor_id#-hash [x3]||pardot.com||Unclassified||10 years||HTTP Cookie|
|_hjIncludedInSample||success.netigate.net||Determines if the user’s navigation should be registered in a certain statistical place holder.||Session||HTTP Cookie|
Unclassified Cookies (5)
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
|__lc_cid||accounts.livechatinc.com||Unclassified||3 years||HTTP Cookie|
|_gcl_au||netigate.net||Unclassified||3 months||HTTP Cookie|
Netigate is one of the leading European providers of cloud-based services for online surveys. We help organisations gain valuable insights, make better business decisions and improve processes.
While doing so, we will maintain the value of privacy and preserve the ability for you to control how your data is collected and stored in accordance with the General Data Protection Regulation.
This starts with making sure that you get clear choices about how and why data is collected and used, and ensuring that you have the information you need to make the choices that are right for you across our products and services.
A business with a problem that needs a solution Collecting and assessing feedback from your customers, employees or other individuals within the EU and EEA countries is considered processing personal data. Therefore, it is your responsibility to comply with GDPR as well as document your compliance. As a customer of Netigate you’re on the safe side.
One of Netigate’s highest priorities is and has always been data security. Netigate’s focus to comply with GDPR began in April 2016, when EU executed the new legal framework. As a result, Netigate assembled a dedicated GDPR team with the CEO as well as representatives from each department to ensure that every part of the company is compliant.
Netigate’s headquarters are located in Stockholm, Sweden. Netigate only uses EU-based servers to ensure data protection and security. Netigate offers server locations in Germany and Sweden for our customers. Netigate only utilises certified data centers according to the international information security standard, ISO 27001.
The Respondent is the DATA SUBJECT
Respondent provides input into the survey, and must provide the Controller consent for processing.
Netigate’s customers are the CONTROLLERS
The Controller must receive legal consent (typically consent or a contractual relationship) for processing personal data. The Controller defines the purpose as well as the data lifecycle and retention time. The Controller is always in full control of the data. The Controller is the contact point for the Data Subject.
Netigate is the PROCESSOR
Netigate provides the software tool used by the Controller. The tool includes functionalities that allow customers to fulfill the requirements and principles in accordance with the GDPR. Netigate performs support and services. Netigate provides the required security measures. Data Processing Agreement (DPA) in place with Customer.
Netigate’s hosting provider is the SUB-PROCESSOR
Netigate uses certified hosting providers across a range of data centers to meet the highest security requirements. To ensure data confidentiality, integrity, and accessibility, Netigate takes the necessary and relevant technical and organizational security measures. Data Processing Agreement (DPA) in place with Netigate.
Other Netigate entities may be SUB-PROCESSORS
Support and services may be provided by other entities within Netigate.
Netigate continues to be the first and safest choice for data security. Netigate strictly follows German security requirements since Germany maintains the highest security standards in Europe. Netigate has several action points in place that aligns with GDPR, which include the following:
Netigate has implemented strategies and functions compliant with GDPR’s guidelines by respecting individuals’ rights to control their personal data. This is one reason why Netigate requires personal consent. As a Netigate customer (the Controller), you will always have:
GDPR has strict requirements regarding processing documentation. The Controller is responsible for collecting documentation from the Processor. As a Netigate customer, you will have access to required documentation regarding the processing of personal data in the Netigate platform.
All Netigate employees operate and must abide by non- disclosure agreements. Netigate employees are also subject to privacy training and awareness. All Customer data is considered confidential. Internal access is restricted and is only granted on a need-to-know basis.
Employees are not permitted to enter customer accounts or surveys without explicit approval. Our Netigate employees know how to protect your integrity.
A mandatory GDPR compliant Data Processing Agreement available (if personal data is processed).
On May 25th, 2018, the European Union’s (EU) new data protection framework, the General Data Protection Regulation (GDPR), will come into force. It is the most significant piece of data protection legislation to date and will impact any organization that processes personal data in connection with goods/services offered to an EU resident, or monitors the behaviour of persons within the EU. The GDPR strengthens individuals’ privacy rights through stricter limits on the processing of their personal data, significantly expanding their rights over their data, and providing increased transparency into the nature, purpose, and utility of it.
As a regulation instead of a directive, the GDPR becomes enforceable as law in all EU member states simultaneously on this date. It replaces the separate member state implementations of data protection law, streamlining compliance by providing a single set of principles to follow.
The scope of this new regulation covers all organizations that process the personal data of EU residents or monitor individuals’ behaviours conducted within the EU, regardless of the entity’s location. The terms processing and personal data are defined broadly: processing involves “any operation or set of operations which is performed on personal data” and personal data means “any information relating to an identified or identifiable natural person (‘data subject’).” The GDPR outlines various requirements for Controllers (entities who determine the purposes and means of the processing of personal data) and Processors (entities who process personal data as directed by a Controller).
|Key Requirements||Brief Description|
|Data Protection by Design and Default|
Controllers and Processors must incorporate data protection into new products and services that involve the processing of personal data (Design) and consider data protection issues in all business decisions (Default).
|Lawfulness of Processing||Processing must be based on consent, performance of a contract, legal obligation, protection of vital interests, tasks carried out in the public interest, or legitimate interest balanced against the fundamental rights of data subjects.|
|Conditions for Consent||Requests for consent must be freely given, specific, informed and unambiguous through a statement or through a clear affirmative action.|
|Security of Processing||Controllers and Processors shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.|
Data Subject Rights & Information
|Controllers shall provide the information outlined in Articles 13 & 14 to Data Subjects and Data Subjects may access, correct, delete, restrict processing of, and transfer their personal data, as well as object to automated decision-making based on their personal data.|
|Data Inventory||Controllers and Processors must create centralized repositories containing records of processing activities carried out on personal data.|
|Data Protection Impact Assessments||Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, prior to processing Controllers must carry out assessments of the impact of the envisaged processing operations on the protection of personal data.|
|Data Protection Officer||Controllers and Processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or large-scale processing of special categories of data must appoint a Data Protection Officer.|
Controller and Processor relationships must be governed by binding contracts that set the terms of the processing to be performed and provide Controllers with the right to object to Sub-Processors engaged by the Processors.
|Data Breach Reporting||In the event of a breach involving personal data, the Controller shall, where feasible, notify the relevant Supervisory Authority within 72 hours of becoming aware of it and, if there is a likely high risk to the rights and freedoms of natural persons, the affected data subjects without undue delay.|
There are several steps that companies should take in anticipation of May 25th 2018, which Netigate have already implemented, such as:
Below are links to some GDPR resources which we at Netigate will continue to update as relevant regulatory authorities issue additional guidelines.
While the content on this page is designed to help organizations understand the GDPR in connection with Netigate’s services, the information contained herein may not be construed as legal advice. Organizations should consult with their own legal counsel with respect to interpreting their unique obligations under the GDPR and the use of a company’s products and services to process personal data.