The General Data Protection Regulation launch date of May 25th, 2018 comes after six years of revision since the European Union started drafting the legislation in 2012. The EU GDPR seeks to increase the data security, anonymity and right to erasure of European Union citizens, and is a landmark update to data security replacing the decade old Data Protection Directive. GDPR guidelines for data processors and controllers intend to make data security regulations more relevant, all-encompassing, and understandable for those they affect.
The protection of data under GDPR affects businesses that operate within the European Union as well as businesses that service customers that are citizens of the European Union. Webgility acts as a processor of data under GDPR guidelines, passing data that is originated and has its purpose dictated by a controller. Webgility’s objective as a processor of data is to assure that:
This doesn’t change the way we have processed your data, or the rights users have always had with Webgility, but standardizes the way we talk about security.
As a processor of data, Webgility is very transparent with data we use and how we use it. All data entered by the user to complete actions like connecting a store, or data we download from controllers, like order details, are visible and strictly accessible within that user’s account. The removal or request to remove this data by a user can come in two forms, either a "Soft" delete or a "Hard" delete.
Note that because Webgility is a processor of data and not a controller of data, inquires into the data made available to Webgility by connected controllers is within the sphere of influence of the controller and must be brought to the controller’s attention to make modifications. Essentially, as a processor, Webgility only has access to data permitted by the controllers of the data source, and any questions or actions pertaining to allowing the transmission of that data are to be decided by the user and the controller, the processor then abides by the decision.
A soft delete in context of Webgility’s software and service can be defined as:
A hard delete, permanent deletion, complete erasure can be contextually defined as:
Examples of user actions that cause a soft delete and the data removed by those actions includes:
Hard deletion or complete erasure happens in two specific cases:
Webgility upholds data security and rights as a core value in establishing a transparent relationship with users. Please reach out to us with any questions about GDPR or other data security in our systems.