Wednesday, May 9, 2018
As you may well be aware from the news and other company newsletters, new data protection legislation comes into effect in the UK on 25th May 2018.
The current Data Protection Act 1995 (Directive 95/46/EC - DPA) will be replaced by the General Data Protection Regulation 2018, or GDPR for short.
This new law is applicable to any company or person trading within the European Union, or who has clients residing within the EU, regardless of where the company is headquartered.
The data that is protected under GDPR (as with the DPA) is data concerning individuals (not companies). However, the definition is wider under GDPR, and "Personal Data" extends to any information pertaining to an individual, whether it relates to their private, professional or public life.
It can be anything from a name, to a home address, photo, email address, bank account details, posts on social networking websites, medical information, a computer's IP address and more.
In other words, if in the course of running your business you collect and use any data about anyone that identifies them, this will be Personal Data, and you are required to follow the law in the way it is handled, accessed, stored or transferred.
For over a year prior to the GDPR announcement, we were already in the process of making changes to our operations and systems, to make things clearer and easier for all our clients who are contractually obligated to our terms and conditions to operate their accounts freely.
The steps that have been taken are outlined below:
- We implemented two new security features on accounts to help safeguard data from unauthorized access, namely a second-layer security PIN for accessing accounts and Support PIN tokenization.
- Implementation of token-based payments instead of the non-token API, for further security when using payment methods and to help encrypt and further secure our gateways.
- Removal of a £10 Administration fee for updating account details under the "Right of Access/Right of Rectification".
- Implementation of *The right to erasure (also known as the 'right to be forgotten')*. This can be accessed from the "My Details" section of the Client Area. (Please note that this will permanently erase all your details, invoices, quotes, tickets and service history from our records and CANNOT be reversed.) If you have difficulties, you can contact VAU Support, who will be happy to assist you: https://www.vaunetworks.com/support.php
- Data retention policy: Data will not be kept for longer than 1 year from the date of your last active order. Automation will ensure that all accounts matching this criterion are automatically removed from the system.
- The right to data portability: You have the right to request a machine-readable copy of the personal data we hold on record for you, allowing a time frame of at least 30 days for transactional completion. This can be extended to 2 months if the request is complex.
- Contract: Upon placing an order, you as the client have to manually accept and consent to your details being used in conjunction with your account and, with this in mind, are bound to our terms and conditions to fulfill a contractual obligation. We do not and have never auto-checked the consent form to try and trick you into purchasing.
- Opt-in marketing consent: VAU Networks Ltd rarely sends marketing emails or materials out to registered accounts. We do, however, send out important announcements and notices of potential system outages that may affect services you have active. As part of this, we require consent that has been given freely, just as the terms and conditions state. You can opt out of our system information/marketing content by visiting your client area and heading over to the My Details section. You can also access this area by clicking on the opt-out link in the footer of every email. By law, we are required to keep a Consent History of when opt-in and opt-out actions have occurred on your account. This is now active on all accounts.
- We are in the process of rewriting our policies so that they are in plain English and easier to understand, in order to comply with the GDPR.
- All client-side gateway fees for electronic payments have been abandoned in order to comply with the GDPR.
We will be contacting you in the near future to ensure your account details are up to date to coincide with the need for accurate information that we hold on your account.
We would like to thank you for taking the time to read this important update and urge all clients to contact VAU Networks to ensure all their data is up to date prior to our reaching out. Should you in fact wish for your account to be closed, this can be requested via VAU Support.