User Tools

Site Tools


privacy_data_protection_and_gdpr

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
privacy_data_protection_and_gdpr [2018/08/16 18:55]
lucy
privacy_data_protection_and_gdpr [2019/03/06 13:15]
lucy
Line 3: Line 3:
   * **Where is LUCY storing and processing data?** This information can be obtained by finding out where the data is being hosted. Lucy can be installed On-Site or on a cloud server. If installed on a cloud server, all data is stored on that specific server.   * **Where is LUCY storing and processing data?** This information can be obtained by finding out where the data is being hosted. Lucy can be installed On-Site or on a cloud server. If installed on a cloud server, all data is stored on that specific server.
  
-  * **Where is data sent?** It’s also important to remember that data can be moved around between an app’s different data centres. That depends on the feature used in LUCY. As you can see in [[network_communication_-_lucy_--_internet|this chapter]], LUCY uses some connections to centralized servers (e.g. update server). But no personlized infomation ​that falls under GDPR ever gets transmitted.+  * **Where is data sent?** It’s also important to remember that data can be moved around between an app’s different data centers. That depends on the feature used in LUCY. As you can see in [[network_communication_-_lucy_--_internet|this chapter]], LUCY uses some connections to centralized servers (e.g. update server). But no personalized information ​that falls under GDPR ever gets transmitted.
  
-  * **Data processing agreement**: ​Once a user knows that LUCY is being used in their organisation,​ they should close a data processing agreement (could be mailed to the users as part of the awareness campaign) with the client to make sure they follow the GDPR’s data privacy protection requirements. In this agreement, it’s important to specify that the application only collect the personal data necessary for the cloud to function. But there should be limits on the ‘special’ data (information revealing religion, race, political persuasion etc.) collected. This can be controlled with the [[add_mail_recipients|attributes in the recipient list]].+  * **Data processing agreement**: ​Please visit this [[company_application_and_data_security|chapter]]
  
  
-  * **Protecting personal data**: It is crucial for users to have good security measures in place to protect personal data against alteration, loss and unofficial processing. Lucy encrypts the data and offers many possibities ​to [[security_considerations|secure ​the access to the data]]. But this hardening must be done by the LUCY client.+  * **Protecting personal data**: It is crucial for users to have good security measures in place to protect personal data against alteration, loss and unofficial processing. Lucy encrypts the data and offers many possibilities ​to [[security_considerations|secure access to the data]]. But this hardening must be done by the LUCY client.
  
  
-  * **Collecting personal data**: In certain countries (e.g. Germany), you are not allowed to collect ​personlized ​data (e.g. who failed a phishing simulation and who did not pass a training). In such a case you need to [[confidentiality_of_campaign_data|enable anonymous mode in LUCY]].+  * **Collecting personal data**: In certain countries (e.g. Germany), you are not allowed to collect ​personalized ​data (e.g. who failed a phishing simulation and who did not pass a training). In such a case you need to [[confidentiality_of_campaign_data|enable anonymous mode in LUCY]].
  
  
privacy_data_protection_and_gdpr.txt · Last modified: 2019/07/25 12:50 (external edit)