About GDPR

On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data.

This article provides answers to frequently asked questions about WhosOnLocation in light of the  GDPR. It does not provide legal advice. We urge you to consult with your own legal counsel to familiarize yourself with the requirements that govern your specific situation.

What is the GDPR?

The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

What does the GDPR regulate?

The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

How does the GDPR change Privacy Law?

The key changes are the following:

  1. Expanded data privacy rights for EU individuals, data breach notification and added security requirements for organizations, as well as customer profiling and monitoring requirements.
  2. GDPR also includes binding Corporate Rules for organizations to legalize transfers of personal data outside the EU, and a 4% global revenue fine for organizations that fail to adhere to the GDPR compliance obligations.
  3. Overall the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Does the GDPR require EU personal data to stay in the EU?

No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. However, WhosOnLocation must comply with the privacy rights of EU individuals and we must ensure compliance with our obligations on how we market, track, and handle EU personal data. These include ensuring the rights of EU citizens is maintained as well as ensuring the handling of data is carried out in a way that meets the recommendations defined in the GDPR.

Is there a GDPR certification?

No, there is not currently a GDPR certification issued by the European Commission. WhosOnLocation will be monitoring any certifications that come out after the GDPR goes into effect and will certify to them, if it deems them to be appropriate.

Does the GDPR require EU personal data to be encrypted at rest?

The GDPR does not mandate specific security measures. Instead, the GDPR
requires organizations to take technical and organizational security measures which
are appropriate to the risks presented (Article 32(1)). Encryption at rest and
pseudonymization may be appropriate depending on the circumstances, but they are
not mandated by the GDPR in every instance.

Does WhosOnLocation encrypt personal data at rest?

Yes. We apply encryption of data at rest for all customer accounts.

Has WhosOnLocation updated it's Privacy Policy and MSA to reflect the GDPR?

Yes. Our Master Subscription Agreement (MSA) and Prvivacy Policy now incorporates provisions for GDPR. You can view our GDPR statement here.

Does WhosOnLocation have a ‘release’ with added GDPR features or functionality?

Yes. The following features are available to you:

  • A disclaimer for visitor information capture.
  • A disclaimer for photo capture specifically.
  • The ability for a visitor to disable the system from remembering their details on sign in.
  • A way for visitors to see all information you have about them.
  • The ability to erase a visitor’s information on their request.

Some of these require activation and some are features which you can use on request when required. To learn how to enable these feature see our How To article here.

WhosOnLocation's Data Protection Officer (DPO)

The GDPR requires that you appoint a representative in the EU.

WhosOnLocation has appointed a DPO who will be responsible for setting up policies, reviewing Data Protection Impact Assessment reports, monitoring compliance with the GDPR, and all tasks listed in Article 39.

Contact:

The Data Protection Officer
WhosOnLocation Limited
Email: dpo@whosonlocation.com

WhosOnLocation's Data Protection Representative (DPR) in the EU

The GDPR specifies Under Article 27 of the General Data Protection Regulation (GDPR), an organisation with no establishment in the European Union, and which processes the personal data of people inside the EU, must appoint a Data Protection Representative in the Union to allow individuals and local data protection authorities to have a contact in the EU.

Whosonlocation Limited, which processes the personal data of individuals in the European Union, in either the role of ‘data controller’ or ‘data processor’, WhosOnLocation has appointed a DPR Group as its Data Protection Representative for the purposes of GDPR. DPR Group are based in Ireland and gives us Contact locations in all 28 EU member states. The contact details for DPR Group HQ are:

DPR Group
Office 29, Clifton House,
Fitzwilliam Street Lower,
Dublin, Ireland
contact@dpr.eu.com

If you want to raise a question to Whosonlocation Limited, or otherwise exercise your rights in respect of your personal data, you may do so by:

  • sending an email to DPR Group at datainquiry@dpr.eu.com quoting <Whosonlocation Limited> in the subject line or;
  • by contacting us on our online webform at dpr.eu.com/datarequest or
  • by mailing your inquiry to DPR Group at the most convenient of the addresses below:

Country

Address

Austria

DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium

DPR Group, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria

DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia

DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus

DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic

DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

Denmark

DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia

DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland

DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France

DPR Group, 72 rue de Lessard, Rouen, 76100, France

Germany

DPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece

DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary

DPR Group, EMKE Building, Rákóczi Út 42, Budapest, 1072, Hungary

Ireland

DPR Group, Phoenix House, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy

DPR Group, BPM 335368, Via Roma 12, 10073 , Turin, Italy

Latvia

DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Lithuania

DPR Group, Vilniaus g.31, Vilnius, LT- 01402, Lithuania

Luxembourg

DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta

DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands

DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Poland

DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal

DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania

DPR Group, World Trade Centre, Piata Montreal no 10, Entrance F, 1st Floor, Sector 1, Bucharest, 11469, Romania

Slovakia

DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia

DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain

DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain

Sweden

DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden

United Kingdom

DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

PLEASE NOTE: when mailing inquiries, it is essential that your mark your letters for ‘DPR Group’ and not ‘Whosonlocation Limited’, or your inquiry may not reach us. Please refer clearly to Whosonlocation Limited in your correspondence.

On receiving your correspondence, Whosonlocation Limited is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.

If you have any concerns over how DPR Group will handle the personal data we will require to undertake our services, please refer to our privacy notice at https://www.dpr.eu.com/legal-privacy.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request