GDPR – What You Need to Know
The General Data Protection Regulation (GDPR) is the largest expansion of privacy laws in the EU/UK in 20 years, and harmonizes all data privacy laws across Europe. StarRez welcomes these changes and ensures full compliance when the GDPR becomes law. Our goal is to maintain your trust and confidence when handling your data, and that of your customers. StarRez promises to protect the individual’s right to privacy, and implement safeguards that prevent the misuse of private information.
“The protection of our customers’ data and privacy is of the utmost importance at StarRez. The completion of our GDPR assessment will further enforce that commitment.”
Rafe Hart, Development Manager at StarRez
Who does it apply to?
The laws apply to any institution doing business with the EU and its citizens, such as accommodation providers accepting residents from those countries. The laws have been enforceable since 25th May 2018.
What is StarRez compliant with?
StarRez is committed to meeting the legislated privacy requirements in all the countries in which it operates, and in particular the US, UK, and Australia. These include:
- US Federal Trade Commission Act, FERPA, and applicable state laws
- EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework
- EU General Data Protection Regulation (GDPR)
- Australian Privacy Act 1988
How is this achieved?
We undertake a wide range of actions year round to maintain good security and privacy, and you can read about them in depth by reviewing our GDPR Whitepaper. In brief, we do this by:
- Providing our customers with trusted, high-security environments, compliant with the PCI DSS standard, which are monitored for security events 24/7
- Encrypting data at rest and in transit using strong encryption protocols
- Engaging external security consultants to provide quarterly vulnerability scanning and annual penetration testing
- Restricting access to data only to those with a valid business reason, and for limited periods
- Meeting all GDPR requirements for the rights of access, rectification and erasure
What are the penalties if you are not compliant?
The maximum penalty for infringing these laws is the greater of €20 million or 4% of worldwide turnover, in addition to any action brought by the data subjects concerned. If an institution has a physical presence in the EU, GDPR fines can be enforced directly by any of the EU member states.
What do you need to do?
Customers in the EU need to sign a copy of Model Contract Clauses with StarRez, so that we can provide you with support from our teams in Australia and the US. Customers outside the EU do not need to sign these documents with us, but will enjoy the same levels of protection from our systems and processes.