General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) comes into effect on May the 25th 2018. MyHub is GDPR compliant.
Data Controller vs Data Processor
Because you own the data, you, the client, are the data controller. This means you will have certain obligations to meet under GDPR, for example in how you are using personal data stored in MyHub across your wider business operations. Personal data may include your customers’ information being stored in MyHub, or personal information contained within MyHub user profiles.
As your trusted cloud intranet provider, MyHub is a data processor. We have an obligation to store your data securely and to provide a service that allows you to comply with the GDPR. For example, providing the ability to respond to requests from data subjects to correct or delete personal data.
Whether you are using MyHub to store customer information, or you want to ensure your own employee (MyHub user) data is protected, MyHub supports GDPR compliance in the following ways.
- Encryption: All connections to your intranet are encrypted with modern cryptography. Each page and file access is encrypted and authenticated using AES_128_GCM, with DHE_RSA as the key exchange mechanism.
- A resilient service: Our services are architected for multiple levels of redundancy. This allows for multiple service failures while still being able to provide a service to clients. MyHub service availability is continuously monitored by third-party partners.
- Breach Communications: In the event that data is breached while it resides in MyHub, we ensure that affected individuals and relevant supervisory authorities are notified within 72 hours of a breach being detected.
- Administrative rights: The MyHub service provides a rich permissions model and strong access controls. Our administrative functionality provides customers with a simple means for the amendment and removal of users’ profile information.
- Validated suppliers: We validate all third-party suppliers, including our hosting partners, to ensure they too will comply with the GDPR.
The GDPR sets out to harmonize data privacy laws for EU residents. As the data controller, you are responsible for meeting obligations surrounding the capture, use and management of an individual’s personal data. This may include your customers’ information and information relating to your own employees.
How You Can Access, Change Or Remove Your Personal Information
You understand that by signing up for a MyHub site or by being added as a user to a MyHub site by your administrator/s, those who access your MyHub site will be able to identify you by your MyHub profile. You may view, change, or remove your profile information displayed on your site at any time by logging on and clicking the Edit Profile link at the top of the page and editing your information.
If you want to stop using your MyHub account, you may request that your subscription be canceled by using the contact us form. When you cancel your MyHub site account, you will not be able to use your MyHub sites and your information will not be capable of being viewed through the site. However, even after you deactivate your account, copies of your information including but not limited to name and email address may be retained by us as backup copies for legal and compliance reasons.
Personal Data Breach Notifications
As a data processor, in the event of a data breach, we will notify the controller without undue delay after becoming aware of a personal data breach. Notifications will be sent to the email address attached to the initial administration user setup when you signed up for your MyHub intranet site.
MyHub has formed a cross-functional GDPR compliance team. The team is responsible for ensuring all aspects of MyHub's operations meet the requirements of GDPR, from how we access and manage our own data, to auditing suppliers, and building features that support our clients' GDPR requirements.
If you have any further questions, please contact us.