GDPR - General Data Protection Regulation

What is GDPR?

GDPR is a European-wide regulation, effective from 25th May 2018, that is designed to unify and strengthen data protection for all individuals within the European Union (EU). More detailed information can be found on the UK’s ICO website, but the overall aim is to protect the individuals' fundamental right to privacy and the protection of such individual’s personal data.

Overview - The Key Changes that GDPR Will Introduce

The GDPR introduces several key changes, including:

  • Stricter consent requirements for processing personal data.
  • Enhanced rights for individuals, including the right to access and the right to be forgotten.
  • Increased accountability for organizations in handling personal data.
  • Mandatory data breach notifications.
  • Higher penalties for non-compliance.

Personal Privacy - Individuals Will Have the Right To:

  • Access to their personal data
  • Object to processing of their personal data
  • Correct errors in their personal data
  • Export their personal data
  • Erase their personal data

Transparency - Organisations Will Have To:

  • Give clear notice of data collection
  • Define their data retention and deletion policies
  • Outline their data use cases and processing purposes

Notification & Controls - Organisations Must:

  • Obtain appropriate consent to process data
  • Protect personal data via appropriate security measures
  • Keep records of how data is processed
  • Notify authorities of personal data breaches

IT & Training - Organisations Will Have To:

  • Audit and update data policies
  • If required, employ a Data Protection Officer
  • Train staff and contractors in privacy and data protection
  • Create and manage compliant vendor contracts

HugoFox & GDPR

Data protection is a priority issue at HugoFox. We welcome GDPR as an opportunity for all businesses and organisations that obtain, analyse or process individual data to implement and follow a standardised, consistent and improved approach to data protection. In preparation, HugoFox is undertaking a full audit of our systems, processes and products to ensure compliance with GDPR.

Examples of HugoFox Compliance

  • Our account sign-up and login services are completed through an HTTPS/SSL secure server, and passwords use cryptography which has functions to protect your information. For more on HTTPS / SSL, see here.
  • Our websites and services are hosted by Microsoft Azure, a global leader in secure hosting solutions. For more on Azure, see here.
  • The payment processing services we use (GoCardless and Sage Pay) are fully Payment Card Industry Data Security Standards (PCI DSS) compliant. For more on this, see here.
  • Our technical development team use the latest standards, tools and platforms to ensure that HugoFox is kept at the forefront of information and data security.

For more information about HugoFox and GDPR, please contact team@HugoFox.com.

Last revised on: 20 February 2018