Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
We support the GDPR and will ensure all Encore Networks services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance worldwide.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
Does the GDPR apply to users of enCloud™?
If the user of enCloud™ is processing the personal data of EU individuals when using our products and services. Then the GDPR applies to them.
What is Encore’s role under GDPR?
We act as both a data processor and a data controller under the GDPR.
Encore as a data processor: When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets uploaded to enCloud™ when devices check in to enCloud™ or when you create user accounts for your users in enCloud™. This means we will, in addition to complying with our customers’ instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
Encore as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name, email address, phone number and other contact information. It may also include device or network information (that may or may not be personally identifiable) used to troubleshoot or diagnose issues through the support process.
What have we done to comply with GDPR?
We have conducted an extensive analysis of our operations to ensure we comply with the new requirements of the GDPR. With the help of external advisors, we have reviewed our products and services, customer terms, privacy notices and arrangements with third parties for compliance with the GDPR. We confirm we are fully compliant with the GDPR as of May 25, 2018.
What personal data does Encore collect and store from our customers?
We store data that customers have given us voluntarily. For example, in our role as data processor, we may collect and store contact information, such as name, email address, phone number, or physical address, when customers sign up for enCloud™ and create user accounts within enCloud™. enCloud™ is designed to collect device information from EN™ Series routers. Information like IP addresses and location of routers may be collected as part of normal operation. This data may or may not be considered personally identifiable as it reflects information about the EN™ Series devices that isn’t necessarily related to a particular individual.
We separately act as a data controller when customers contact Encore directly for support or sign up to be contacted on our website. In these cases, the specific use for the data collected is described at the time of collection.
How (and how long) is data stored and used within enCloud™?
enCloud™ is expressly designed to collect device information from EN™ Series routers for the purpose of management and diagnostics. Examples include, IP addresses, data usage, cellular signal strength, device physical location and other data. This data may or may not be considered personally identifiable.
Personally identifiable data is collected by enCloud™ when user accounts are created. This data is generally limited to username, email address, password, phone number and physical address, but other data may be added at user’s discretion in the optional fields. User data is only used to access enCloud™ and to provide alerts and notifications per the users’ request from enCloud™. This data is encrypted and stored securely, and is not shared with any other parties for any other purpose other than to access and use enCloud™.
How do we handle delete instructions from customers?
Customers have the ability to remove or delete information they have uploaded to our products. Likewise, customers may deactivate their account and request that all personal data we have collected and stored is deleted.
Within enCloud™ deleting a device, deletes all data associated with and collected from that device. Deleting a user account deletes all personal data associated with that user account.