GDPR and HOQU
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect.
And as your trusted data processing partner, we’re committed to helping the entire industry on its GDPR compliance journey.
What Is GDPR? How Does It Affect HOQU Clients?
GDPR, or the General Data Protection Regulation, is the European Union’s new privacy law that updates and enhances its data protection requirements. Among the changes in the new rules, the definition of personal data has been broadened, and with it the scope of who is covered by the law.
Under GDPR, any company that markets products and services to individuals in the EU is affected, even when that company is not located in the EU.
GDPR Compliance as Shared Responsibility Between Data Controllers and Data Processors
Data Controller ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. HOQU clients are data controllers.
Data Processor ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. HOQU is a data processor.
The Key to GDPR: Rights of End Users
A key part of GDPR is letting individuals, also known as end users, choose what happens to their personal data. As data subjects under GDPR, end users have the right to:
- Access and correct errors
- Delete personal data
- Object to its processing
- Export it
FOR HOQU CLIENTS:
The Role of the Data Controller
As a data controller, you dictate what data you collect and what we do with it. You should consider the following key points:
- Determine the data you collect as a data controller, as well as the data we process and store on your behalf. With HOQU products, your data always belongs to you. This means that depending on the HOQU product or service you use, we may process personal data for you.
- Provide transparency through privacy notices and/or policies to end users that detail how you collect and use information, obtain consents (if needed), protect personal and sensitive information, and respond to requests from end users regarding their data.
- Should end users inquire about what data you maintain about them or decide they no longer want a relationship with you, you will respond directly to those requests.
The Role of the Data Processor
As a data processor, we process personal data only on instructions from you, the data controller. We also will comply with the following:
- If you’re a HOQU client and you need our assistance with any end user requests, we will partner with you to help you respond.
- We will take reasonable measures to secure your data, such as encryption, pseudonymization, stability and uptime, backup and disaster recovery, and regular security testing.
While the content on this page is to help you understand the GDPR when working with third parties, the information contained should not be construed as legal advice. You should consult with your own legal counsel with respect to interpreting your unique obligations under the GDPR and the use of a company’s products and services to process personal data.