GDPR Compliance
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new directive from the EU that affects how companies collect and process their customers personal data. GDPR will come into effect on May 25, 2018, by which point all businesses in the EU have to become compliant.
Who does the GDPR apply to?
Every businesses that operates with clients in the EU or outside it (that process or store personal data of EU citizens)
SecureNative and GDPR compilance?
Setting your privacy email address
In the SecureNative console, log into your SecureNative account and go to: project -> project details -> privacy email and enter your company's privacy email address.
This email address must then be verified, once you have saved and verified an email address,any data request that was submited to SecureNative results to that email address.
User Data Access
In compliance to Art. 15 GDPR Right of access by the data subject that states that users have the right to request access to their personal data. If you receive this request from your user, you may also need to forward the request to your vendors, such as SecureNative, so that the vendor can provide data related to this user as well.
User Data Access Requet API
To submit a User Data Access Request, you need send a POST request without a body to the endpoint described below. You will need to authenticate the request with your SecureNative project API Key.
Upon receiving a request, we will match all records that are associated with requested user and will send an email to your privacy email address with link. The email will contain a download link to filewith all the information that will expire after 12 hours.
curl -X POST \
'https://api.securenative.com/console/api/v1/privacy/users/USER_ID ' \
-H 'Authorization: API_KEY' \
-H 'Host: api.securenative.com'
Parameters
| Parameter | In | Type | Required | Description |
|---|---|---|---|---|
| USER_ID | param | string | The user identifier |
Responses
Overview
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 202 | Accepted | A successful response. | servicesClassifyOutput |
| 400 | Bad Request | Returned when there is a bad request. | httputilHTTPError |
| 401 | Unauthorized | Returned when the resource unauthorized. | httputilHTTPError |
| 404 | Not Found | Returned when the resource does not exist. | httputilHTTPError |
| 500 | Internal Server Error | Returned when there is a internal server error. | httputilHTTPError |
Successful response
202
User Data Removal
In compliance to Art. 17 GDPR Right to erasure (‘right to be forgotten’) that states that users have the right to request that all their data be permanently purged. If you receive this request from your user, you may also need to forward the request to your vendors, such as SecureNative, so that the vendor can purge that user's data too.
User Data Removal Requet API
To submit a User Data Removal Request, you need send a DELETE request without a body to the endpoint described below. You will need to authenticate the request with your SecureNative project API Key.
Upon receiving a request, we will match all records that are associated with requested user and will permanently remove all data from our system. The email with confimation will be sent upon compleation of this operation.
curl -X DELETE \
'https://api.securenative.com/console/api/v1/privacy/users/USER_ID ' \
-H 'Authorization: API_KEY' \
-H 'Host: api.securenative.com'
Parameters
| Parameter | In | Type | Required | Description |
|---|---|---|---|---|
| USER_ID | param | string | The user identifier |
Responses
Overview
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 202 | Accepted | A successful response. | servicesClassifyOutput |
| 400 | Bad Request | Returned when there is a bad request. | httputilHTTPError |
| 401 | Unauthorized | Returned when the resource unauthorized. | httputilHTTPError |
| 404 | Not Found | Returned when the resource does not exist. | httputilHTTPError |
| 500 | Internal Server Error | Returned when there is a internal server error. | httputilHTTPError |
Successful response
202
Personal data breaches
In compliance to Art. 34 GDPRCommunication of a personal data breach to the data subject that states that vendors shall notify your users without undue delay and at the latest within 72 hours about any breach of security that occurs which might lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (personal data breaches), you may also need to forward the request to your vendors, such as SecureNative, so that the vendor can insure that user information of your users stays protected.