Ona and GDPR
The EU has introduced a new data privacy legislation called the General Data Protection Regulation (GDPR) that will be effective as of May 25th, 2018. GDPR will strengthen the privacy rights of EU citizens. To help ensure that Ona is GDPR compliant, we have taken the following actions:
- We have updated our terms of service.
- We have carefully reviewed all of our security practices and have worked to put in place the necessary technical and administrative requirements to make us GDPR compliant.
- We are requiring all users to confirm if they are collecting data on EU citizens. If you are NOT collecting data on EU citizens, you do not have to take further action.
- If you are collecting data on EU citizens, you will be required you to sign a GDPR compliant Data Processing Agreement (DPA) to continue to use Ona. If you need a DPA or have questions please contact us at firstname.lastname@example.org.
- If you are collecting data on EU citizens, we strongly encourage you to consider using encrypted forms.
- Using public forms to collect any personally identifiable (PII) data on people is now strictly prohibited and will result in your account being immediately suspended.
Your responsibility under GDPR
We can only work to ensure the service we provide you is GDPR compliant. It is ultimately your responsibility to ensure the practices you follow when collecting data on people meets GDPR standards. We encourage you, for example, to review your practices to ensure you are properly capturing consent and your are following best practices to keep your data secure once you export it out of Ona.
For more information on ensuring your account is GDPR compliant, please see this article.
For more information on how to confirm if you are collecting data on EU citizens, please see this guide.
Continue reading Ona News...