Searching...
GDPR FAQ
What is the GDPR?
The GDPR is an EU regulation for personal data protection that went into effect on May 25, 2018. The regulation requirements can be organized in three topics:
- Legal:
- Relationships with third-parties (suppliers, affiliates, transfer, etc.).
- End-user rights management (modification, erasing, or exporting requests).
- Election of a Data Protection Officer (DPO) to ensure their employer or customer respects regulations when using data for commercial and internal purposes.
- Organizational:
- Defining roles for each employee who must access personal data for specific purposes.
- Defining policies and train employees about what data privacy means.
- Preparing a company and supervisory authority, to notify any breaches to end users.
- Logical & physical security:
- Check access to services and machines.
- Test your services against attacks using penetration and vulnerability tests.
- Encrypt your data.
- Ensure business continuity by writing a Disaster Recovery Plan.
How will I be impacted?
As a user of AirVantage, there is no impact on your daily use of AirVantage. You already have access to all of your data, including personal data. You can change your information through Account Management. Have a look at this short tutorial .
We are reviewing our affiliates and suppliers to check their compliance with the GDPR.
We are working on improving the quality and the transparency of the information about how we process personal data. Any such data is collected and used to supply our services and are not disclosed to any third-party organization (other than our affiliates and suppliers).
If your project aims to collect personal data about EU citizens with your devices, you must be compliant with the GDPR.
Please contact your Sierra Wireless Sales representative if you have any question about the GDPR and our services.
How can I know if my project is impacted by the GDPR?
If you process (collect, store, use, modify, transfer, etc.) “any data related to an identified or identifiable natural person […] directly or indirectly” from your devices, you may need to comply with the regulation if that person is an EU citizen, regardless of where you are located (in or outside the EU).
For example, you store a database of module serial numbers and a physical person identified by the name. You collect the latitude and longitude of your device which is in their car, a shoe, etc.
In this case, your solution and your organization must be compliant with the GDPR. Here, you are the controller (i.e., you control the purpose of the data) and Sierra Wireless is a processor (the supplier that helps you to process the data). Please reach out to discuss the supplier contract you have with us.
My project collects personal data, what do I have to do?
First, you must write a Privacy Impact Assessment (PIA). Have a look at the French supervisory authority documentation and use a tool supplied by the CNIL to help you to document your data processing.
As a controller, you must check that each supplier is compliant with the GDPR by adding an addendum to your contract, which clarifies your instructions about how the supplier can process your personal data.
Please discuss this with your Sales Manager to handle it accordingly.
Does this apply to me if I’m in North America/outside the EU?
As soon as a company established outside the EU is offering goods/services (paid or for free) or monitoring the behavior of individuals in the EU, regardless of where the data is processed, the GDPR must be applied. If you are located in North America, you have to be compliant with the EU+US privacy shield as well.
How can I contact your Data Protection Officer?
You can contact our DPO by sending an email to our DPO
Any other question?
Check the GDPR section in the European commission web site.