GDPR Spatineo Information Security kuva

EU is launching a new law related to information security which becomes effective on May 28th 2018. Spatineo is currently updating company’s information security evaluation reports to comply with the law. There are many things to take into consideration and this law, GDPR,  will give our customers many rights regarding their personal information.

This GDPR law concerns personal information. Personal information is considered to be for example

  • Log information
  • Location information
  • Emails
  • Or anything else that can be linked to a living person

The building and updating is quite a big and time consuming process. But we are focusing to this tasks because it will be beneficial not only to our customers, but for us too. With these reports we can follow and update the information security of customer records. For us, this law means also better personal information security from our partners and associates.

How Does Spatineo handle Information Security?

We are updating our information security reports to give to our customers detailed information on how we handle, collect, preserve and share all the data of our customers. The law requires us to define our information security chief and also, the responsibility on how we use the data. Plans for security breaches are good to have just in case, even though it’s a minor risk.

Spatineo Monitor produces usage analytics information for our customers. In short this means that we produce statistics on how our customers’ spatial web services are being accessed, which countries their end users are from etc. This analysis is done based on IP address information that is included within log files we process for our customers.

Some IP addresses can be used to identify a single person, and therefore we must consider IP addresses in log files as private information. However we have never identified or analyzed the activities of individual end users of spatial web services and therefore do not require full IP addresses to provide our services. This is why we are providing a tool that will anonymise the log files. The anonymisation is done before files are sent for processing to avoid both sending and storing private information. This helps protect the private data of all citizens using spatial web services.

What are the rights then?

Customers and interest groups are entitled to and has the rights to know all the information we collect, have and preserve. Customers are also entitled to receive detailed information on how personal information is handled in Spatineo.

Customers are entitled to:

  • Prohibit the usage of information
  • Correct the wrong information
  • Restrict used information
  • Resist the handling of information
  • Transfer personal information to another register
  • Resist any automated decisions
GDPR Spatial data - Spatineo

What happens next?

After updating our reports we will publish those on our website. At this moment everyone can check our privacy policy for the web site of Spatineo Inc. We will inform our progress on our website.

Does Our Customers Need to Take Any Action?

The answer is no. We will do all the required updating regarding handling information and then publish it on our website for everyone to study. Our customers can just sit back and relax, and be confident that the information security is our top priority mission.