MantisHub, like thousands of companies out there servicing EU citizens, have been preparing for the new EEA legislation around data privacy aka General Data Protection Regulation (GDPR).
Data privacy has not had this level of attention and stringency in decades. Now the EU has taken the lead and a huge step forward in making service providers accountable for the personal data that they collect as well as giving EU citizens (and by extension much of the rest of the world) more rights and greater control over their personal data and how service providers use it and store it.
As well as defining a high level of security and protection of personal data, the legislation included specific rights for EU consumers including:
- Right of Access: Find out what kind of personal information is held about you and get a copy of this information.
- Right of Rectification: Ask for your information to be updated or corrected.
- Right to Data Portability: Receive a copy of the information which you have provided under contract so that you can provide that information to another organization.
- Right to Restrict Use: Ask for your personal information to stop being used in certain cases, including if you believe that the personal information about you is incorrect or the use is unlawful.
- Right to Object: Object to the use of your information (where a party is processing it on a legitimate interest basis) and have your personal information deleted.
- Right to Erasure: In certain circumstances, you may also have your personal information deleted.
The GDPR also defines the roles and responsibilities of all parties with regard to collecting personal data. Data controllers are the primary collectors of personal data from a data subject and have a responsibility to respond to any requests by a data subject to exercise their rights under GDPR. Data processors are those who process the information on behalf of the data controller; they have to make sure their systems are secure and that data controllers can fulfill requests from data subjects with regard to controlling their personal data. So, for example, if Joe Blow asks to have all his personal data erased, that data needs to be erased from all storage in a timely manner, no excuse.
So there is an onus on data controllers and data processors to protect your privacy, the goal being to ensure systems are developed with consumers' privacy in mind, following “Privacy by Design” principles.
These responsibilities translate to MantisHub and our service in the following way.
- For information gathered on account owners and potential customers when offering our issue tracking and helpdesk services, MantisHub performs the role of data controller and is required to respond to any requests from account owners.
- For information stored in customer MantisHub services (customer content) which may be personal data, the account owners are the data controllers and MantisHub is the data processor. This includes information like registered user details (real name, email address) or data collected and added to your MantisHub issues which can identify an individual. Account owners are responsible for responding to GDPR requests regarding this data, and MantisHub must ensure they have the tools to fulfill these requests and make sure the data is secured.
In preparation for GDPR and to help our customers also become GDPR compliant, MantisHub have made a number of changes. We have:
- audited how Personal Data is processed by MantisHub and determined how it is stored, used and how long it is retained.
- ensured automatic deletion of customer content after 30 days from when your account subscription expires or is cancelled.
- produced GDPR compliance documentation on our website to advise how we protect your data and allow for our customers to become GDPR compliant. This includes a list of our 3rd party, GDPR compliant providers.
- provided a guide on how to exercise your GDPR rights.
- updated some of our security procedures and included information in our security FAQs documentation.
MantisHub is proud to continue offering a secure, reliable service to our many EU customers as well as those throughout the world. We take customer privacy very seriously. We never sell or share your data and only use it to provide you with the best possible service. So be at ease :).
Thank you for being a part of the MantisHub community! We’re here for you, so if you have any questions about GDPR or anything else, don’t hesitate to reach out to our team!