This post is important for all our customers
- Based in Europe
- That have – or would like to have – European citizens as their students/customers/clients.
And all non-customer might also be inspired by this small introduction.
New law as of May 25th 2018:
As you already might have heard EU decided in 2016 to introduce a new
“General Data Protection Regulation” – GDPR
The regulation is trying to limit the spread of personal information and introduces demands for companies, that handle “personal information” to start a review process similar to compliance.
This new regulation will become active as of May 25th 2018 and if you don’t comply
your company can get a fine on up to 4% of your turnover – max at €20 mill.
So they take this regulation very seriously!
The GDPR uses 2 terminologies that are important when working with FlightLogger.
This is you: the company who is the primary responsible for who & how the personal data for your european students are handled
This is us: A company that – amongst others – do reports based on the data entered by you.
Data Controller agreement
It is FlightLoggers belief that every academy that would like to educate European citizens will need to create a special contract with the students. As an example the EASA law states, that you have to save the data for a students eduction (gradings on lessons etc.) for at least 5 years. This is actually a stronger requirement, than what GDPR would evaluate as “reasonable”. Hence you need the student to sign an agreement, where they accept this – and some more 🙂
Naturally each academy might also have a lot of other data and data processes on a student that might be outside of FlightLogger.
So each “Controller” is required to build their own “GDPR compliance” process.
This process is required to be reviewed on a continues basis.
Data Processor agreement
The GDPR also requires that all Data Controllers create agreements with all their Data Processors.
FlightLogger will help you here!
As we notified you about back in November 2017
we have already taken the first steps in being compliant with the GDPR.
Back then our servers were moved to “inside EU” location – simply to make the handling of GDPR easier.
FlightLogger is currently working with a large Danish law firm to create a common Data Processer agreement.
It’s not as complicated as the Data Controller agreement.
FlightLogger expects this agreement to be completed within 1-2 months.
Before May 25th 2018 we will need everyone to agree to this new Data Processer Agreement in order for FlightLogger – and your company – to be compliant with the GDPR.
We will get back to you later with information about how this will be done, but we expect it to be a simple “Accept” button, that you can click on from inside FlightLogger.
If you haven’t already started on this process – it’s really important, that you start to work on this.
There is a lot on information to be found by searching Google for GDPR!! 😉
The main site for GDPR is: https://www.eugdpr.org/
But we recommend that you have a chat with your law firm, since FlightLogger is not able to help you in this area.
Most law firms within EU have already been holding free seminars regarding the requirements on GDPR,
so there is now a lot of law companies that would love the opportunity to help you out.