Matching results

GDPR FAQ

What is the GDPR?

The GDPR is an EU regulation about the personal data protection which will go into force on May 25, 2018. The regulation requirements can be organized in 3 topics:

  • Legal: about the relation with 3rd parties (suppliers, affiliates, transfer, …), end user rights management like modification, erasing or exporting requests or the election of Data Protection Officer (DPO), whose the mission consists of ensuring his employer or customer respects regulations when using data for commercial and internal purposes.
  • Organizational: Define a role for each employee which must access to the personal data for which purpose, define policy and train your employees about what data privacy means, organize your company to be ready to notify any breach to the end users and the supervisory authority.
  • Logical & physical security: check access to the services and machines, test your services against attack with penetration and vulnerability tests, encrypt your data, ensure the business continuity by writing a Disaster Recovery Plan.

How will I be impacted?

As a user of AirVantage, there is no impact on your daily use of AirVantage. You have already access to all of your data, personal data included. You can change the information about you through Account Management. Have a look to this short tutorial .

We are reviewing our affiliates and suppliers to check their compliance with the GDPR.

We are working on improving the quality and the transparency of the information about how we process the personal data. Any such data are collected and used to supply our services and are not disclosed to any 3rd party organization (other than our affiliates and suppliers).

If your project aims to collect personal data about EU citizen with your devices, you must be compliant with the GDPR.

Please contact your Sierra Wireless sales representative if you have any question about the GDPR and our services.

How can I know if my project is impacted by the GDPR?

If you process (collect, store, use, modify, transfer, …) “any data related to an identified or identifiable natural person […] directly or indirectly” from your devices, you may be compliant with the regulation as soon as the people are UE citizens, wherever you are (in or outside the EU). About the supplier’s contract, feel free to come back to us. For example, you store in a database information about module’s serial number and a physical person identified by the name, you collect latitude and longitude of your device which is in a car, a shoe, your solution and your organization must be compliant with the GDPR.

In this case, you are the controller (you control the purpose of the data) and Sierra Wireless is a processor (the supplier which helps you to process the data).

My project collects personal data, what I have to do?

First you must write a Privacy Impact Assessment (PIA). Have a look to the French supervisory authority documentation and use a tool supplied by the CNIL to help you to document your data processing.

As a controller, you must check that each supplier is compliant with the GDPR by adding an addendum to your contract which clarifies your instructions about how the supplier can process your personal data.

Please come back to your sales manager to process consequently.

Does this apply to me if I’m in North America/outside the EU?

As soon as a company established outside the EU is offering goods/services (paid or for free) or monitoring the behavior of individuals in the EU, regardless of where the data is processed, the GDPR must be applied. If your are in North America, you have to be compliant with the EU+US privacy shield as well.

How can I contact your Data Protection Officer?

You can contact our DPO by sending an email to our DPO

Any other question?

Check the GDPR section in the European commission web site.

TOP