Regpack has always been committed to data security as well as your privacy and your users privacy.
What is the GDPR?
GDPR is a new EU regulation that intends to strengthen and unify data protection and protect everyone’s fundamental right to privacy and protection of their personal data.
To that end, we have made some updates to our security and data processes in order to ensure full compliance with GDPR.
Please note that these changes are in place for ALL Regpack clients, not just European clients. While compliance isn’t required for organizations who are not based in the EU and don’t have users in the EU, we believe these updates benefit everyone and we can all enjoy extra data protections for our businesses.
Furthermore, if you have information of only one EU citizen then the GDPR rules apply to you. Since many times it is not possible to know all citizenship of your users we are applying the rules to all organizations using Regpack.
Below is a short summary of the changes we’ve made:
The updates to these policies lay out more clearly how Regpack uses data we receive as well as your relationship with Regpack.
Nothing major has changed, we still think the data is yours, we have never and will never sell your personal data, or your user’s personal data. Actually, we will never use your data or your user’s data for anything at all.
Regpack Security Page
Our Security page is updated with our security protocols and how we encrypt data to protect sensitive personal information. You can view that here.
Data Deletion Tool
In compliance with GDPR, any user can request their data be deleted from your systems. This must be done within 1 month of their request, free of charge. We are rolling out a tool in the coming weeks that will allow you to purge a user’s data upon request of that user.
Please note that once data is deleted, you cannot retrieve the information and it is lost forever. Please be careful when using this tool.
Please note that further to the GDPR requirement of only holding data you need, if you cancel your Regpack account, all data including ALL user data, will be purged IMMEDIATELY upon confirmation of cancellation.
Data Processing Agreement – Your Action is REQUIRED
In the coming days all Regpack account owners will be asked to sign 2 documents:
- Data Processing Agreement: this document lays out the data protection measures Regpack has taken and what data protection measures you are required to take.
- Service Agreement: this is the same service agreement you received when onboarding. It has been updated with additional language regarding data security.
We must have these agreements signed in order for your account to remain active. Once signed, you can view the agreements at any time under Settings → Bill for further reference.
Regpack Employee Access
According to GDPR regulation, data should only be exposed to individuals that are allowed to view it. To that end, Regpack will be updating it’s internal permissions and Regpack employees will be limited to the scope and type of data they have access to. This includes, but is not limited to, the inability to export any type of report, viewing user data without consent and other secure measures.
Admin Account Security
Further to the GDPR requirement that data is exposed only to people that need to see it, Regpack will be enhancing its admin login security measures to make sure that your account is always safe and that no data can get into the wrong hands.
In the coming days, the system will be updated to include an advanced algorithm for possible account security threats. If a potential security issue is detected, you will need to approve your access to the system by issuing a code that will be sent to your admin email. This 2 step verification will happen every time the algorithm detects a possible problem.
Please note that when activated, the algorithm might ask you to complete the action regardless of a possible threat just to calibrate itself according to your usage patterns. Please note that if the algorithm detects a repeated threat to your admin account, it will lock it down for manual investigation. This is done to protect you and your user’s data.
Once in a while, Regpack will send you informational emails regarding updates to the system and other product updates. Please note we never send any communications to YOUR users. If you do not wish to get informational emails and system update emails we allow to unsubscribe from them easily simply by telling us. If you prefer not to get this information simply email “firstname.lastname@example.org” and we will take you off the list.
As always, Regpack is committed to your success. We take the security of our product, as well as you and your user’s data very seriously. We believe that you should control your data and we have always believed that users should be given the option to control their data. It is theirs after all. GDPR makes this mandatory to all systems gathering information.
These changes might take time to get used to but they are for a very good cause so we believe it is worth the temporary discomfort.
If you have any questions, please don’t hesitate to contact us.