The General Data Protection Regulation comes into force on 25 May, 2018, and will profoundly change the way data from European citizens is collected and used.
The online invoicing software InvoiceXpress complies with the General Data Protection Regulation. This means that when using our program, all your information is safe and in compliance with this new regulation.
#### What is the GDPR?
It is a Community regulation, approved in 2016, which aims to protect individuals regarding the processing of personal data and the free movement of such data.
This regulation determines how individuals and companies themselves can obtain, use, store and delete personal data. In other words, it aims to prevent the non-consensual use of European Union consumer data.
#### To whom does it apply?
This new regulation (GDPR) applies to all entities from European Union (EU) countries and to all non-EU entities that collect, store and process personal data from European citizens. In this way, the consistency of rules on citizens' privacy rights across countries is ensured.
Fines will be imposed depending on the seriousness of the breaches of the regulation. For less serious violations, fines could be in the amount of €10 million or 2% of world turnover. In the case of the most serious violations, the value rises to €20 million or 4% of world turnover.
#### Main changes to this regulation:
Of all the main changes to the protection of personal data, the new rights that European citizens now enjoy are the ones that stand out the most:
1 - **Right to limitation of treatment** - possibility for the data subject to request that the processing of their data be restricted.
2 - **Right to portability** - possibility for the data subject to request that the controller communicate their data to another entity.
3 - **Right to data erasure** - possibility for the data subject to request that their data be erased.
In short, citizens can and should have the right to transparency about the use of their personal data after it has been collected by companies. Furthermore, they may request that their data be updated.
In addition to these rights, the big news of the GDPR is the way in which consent should be requested in order to use citizens' personal data. This consent should be given through an _opt-in_ or a positive action by the citizen so that it is considered legal, in the light of the GDPR.
Practices such as pre-marked _checkboxes_ and _opt-out_ actions, that is, practices in which clicking on a button automatically accepts the Terms and Conditions, are prohibited starting May 25, 2018.
In summary, the new rights imply a profound change in the way users' data is collected, a change to the terms and conditions and a renewal of consent requests to previously collected contacts.
#### Processing and control of citizen data
The GDPR defines two types of roles regarding the use of European citizens' data.
The functions are:
• **Controller (_Data Controller_)** - Corresponds to the organization that defines how and for what reason the data is processed, that is, it determines the purposes and means of processing personal data.
• **Processor (_Data Processor_)** - Organization, software or person that processes personal data on behalf of the controller.
#### What are the responsibilities of controllers?
According to Article 26 of the GDPR, the _Data Controller_ is responsible for demonstrating compliance with the principles relating to the processing of personal data.
#### What are the processors' responsibilities?
The _Data Processor_, according to Article 28 of the GDPR, must ensure sufficient guarantees of implementation of appropriate technical and organizational measures so that the data processing meets the requirements of this regulation and ensures the protection of the rights of the data subject.
### **InvoiceXpress GDPR compliant**
InvoiceXpress, as a _Data Processor_, is responsible for ensuring that data processing is carried out in a transparent and secure way and that it complies with what is stipulated in the GDPR. We can guarantee that both InvoiceXpress and the partners we associate with are GDPR compliant.
We commit to:
- List all applications and partners used for data processing, as well as their purpose.
- Make available for _download_ a document related to the sub-contracting of the InvoiceXpress service for any user who needs this document.
- Make marketing communications even more transparent and indicate the frequency of sending them, whether they are product news and legal updates from the Tax Authority, or exclusive offers, courses and webinars.
If you have any questions about GDPR and InvoiceXpress, we recommend that you contact our customer support team.