What the GDPR means for Clevercast customers?

What the GDPR means for Clevercast customers?

  • Posted by Clevercast
  • On 21/05/2018
  • Comments

Starting May 25, 2018, Europe will enforce the General Data Protection Regulation (GDPR), a landmark policy to bring greater transparency to the use of personal data by corporations. It includes new rights for people to access the information companies hold about them, obligations for better data management for businesses, and a new regime of fines.

As a European company, we already paid a lot of attention to privacy and security in the past. All our data is stored on our own servers located in private racks in several separate ISO 27001-compliant datacenters within the EU. All our hardware and software is monitored 24/7, with automated alerts for possible threats or malfunctions. If vulnerabilities are discovered, the necessary patches or updates are immediately applied.

The GDPR imposes a number of additional privacy obligations, such as keeping a data register with the categories of personal data that our customers process and the purposes of processing. Moreover, the GDPR also contains a number of obligations for you as a customer of Clevercast. We list the most important issues.

New concepts

The GDPR defines different roles in which both Clevercast and your company can end up:

  1. Datasubject: this is the person whose personal information is processed
  2. Data controller: this is the company who collects the data. When your company collect name, address, payment details, etc. from your customers, it is the data controller.
  3. Data processor: this is the company storing or processing the data, as determined by the data controller. As a client of Clevercast, you may allow certain data from your users to be processed by Clevercast. Even if the Processor entrusts the processing to a third party (the sub-processor), the Processor remains responsible for correct compliance within the GDPR legislation.

What do you have to do yourself?

As a company you are the data controller. You must therefore ensure that you are fully in line with the GDPR regulations. That means that you have to ensure that:

  • the processing of personal data from your end users is permitted and in accordance with the GDPR
  • all your data is sufficiently protected
  • any security breach (a leak, hack …) involving personal data is reported within 72 hours to the authorities (in Belgium this is the privacy commission). If the data breach concerns a “high risk”, the involved parties must also be informed

As a customer of Clevercast you agree to be bound by our Data Processing Agreement, an addendum that is an integral part of our general terms and conditions. By doing so, you agree to keep us informed (by emailing to support@clevercast.com) of all categories of personal data that you transfer to Clevercast for processing, and the purposes of processing.

What does Clevercast do?

In case you have personal data from your end users processed by Clevercast, Clevercast plays the role of data processor. In that role we ensure that

  • your data is maximally secured
  • every employee is perfectly aware of everything that GDPR implies
  • we ensure that any sub-processors (= third parties) work in accordance with the GDPR
  • we keep a data register with the categories of personal data that we process for you, and the purposes of processing
  • we keep logs of processing on your data
  • every security breach is reported to you as soon as possible
  • we can give you secure access to your data on request, or provide a copy when you choose a different data processor

In addition, Clevercast also manages a limited set of personal data about you as a customer, such as information about contacts within your company. In this role you, as a data subject, have all the rights set by the GDPR and it is our duty to supervise this as data processor.

If you have more questions, please reach out to us at info@clevercast.com.