CompanyHub & the General Data Protection Regulation
On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data. How will this affect your company?
The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU.
CompanyHub GDPR Readiness
Organizations increasingly understand the importance of information security—but the GDPR raises the bar. It requires that organizations take appropriate technical and organizational measures to protect personal data from loss or unauthorized access or disclosure. We protect our infrastructure & user data.
- GDPR Compliant Infrastructure
- SSL Encryption
- Separate Databases
- Table-Level Security
- Field-Level Security
- Row-Level Security
- Report Sharing
- Monitoring Security
CompanyHub is built with security to protect your data and applications. You can also implement your own security scheme to reflect the structure and needs of your organization. Protecting your data is a joint responsibility between you and CompanyHub. CompanyHub security features enable you to empower your users to do their jobs safely and efficiently. The security schemes are described below:
CompanyHub uses Amazon EC2, RDS, and S3, which are already declared GDPR compliant by Amazon with the CISPE Code of Conduct.
CompanyHub uses SSL encryption to transport data from users to our secured databases. The encryption uses the SHA256 algorithm.
Each customer gets a separate database in CompanyHub, so there is no interference with other users' databases and no possibility of incorrectly exposing their data.
Using table permissions, users can be restricted from seeing, creating, updating or deleting tables. Table permissions let you hide whole menus of tables from particular users so that they don't even know that these tables exist.
In some cases, you may want users to have access to a table, but limit their access to individual fields in that table. Field-level security, or field permissions, controls whether a user can see or edit the value for a particular field on a table. It lets you protect sensitive fields without having to hide the whole table from users.
Along with tables and fields, if you want to control access to the records themselves, record-level security lets you give users access to some table records, but not others. Every record is owned by a user. The owner has full access to the record. In a hierarchy, users higher in the hierarchy always have the same access as users below them in the hierarchy. There are two ways in which you can specify record-level security:
Organization Sharing Settings: The first step in row-level security is to determine organization sharing settings. By default, all records are visible to all users in an organization. You can use organization sharing settings to lock down data to the owners and the managers. After this is done, you can selectively give other users access to records using other row-level security settings.
Territory Hierarchy: Once you've specified organization-wide sharing settings, you can use a territory hierarchy to share wider access to records. A territory hierarchy grants users access to records based on criteria such as zip code, industry, or a custom field that is relevant to your business. For example, you could create a territory hierarchy in which a user with the "North America" role has access to different data than users with the "Canada" and "United States" roles.
Each report is added to a folder. Using report sharing, users can be allowed or disallowed to view or edit particular reports.
You can select certain fields in any of the tables to track and monitor edits on those fields. Modifying any of these fields adds a non-deletable activity to the activity of that table.
CompanyHub strives to help you comply with data protection and privacy regulations by implementing various actions such as email opt-outs. We ask for consent before signups and similar actions. We store the consent, the time of consent, and the context of consent for legal obligations. To make it easier for our customers to store the consent of their users, CompanyHub gives an option to create custom tables to store consent fields. These consent records can be linked to records in desired tables.
To comply with data protection and privacy regulations, sometimes customers need to delete their personal data.
When situations require you to do so, prevent the processing of your customers’ data. We give guidance to help you restrict forms of data processing. That way, you can work toward complying with the laws that are important to your company. You can export data from CompanyHub that you don’t want to be processed.
There are various options for data portability. You can use APIs or the Import Wizard to import data from CSV files into CompanyHub. You can allow your customers to export their data as per various data regulations. Data can be extracted using various methods such as UI-driven export, reports, and the REST API. Export formats include JSON and CSV.