European Data Protection Directive
The European Data Protection Directive 95/46/EC of 1995 applies to the application and all stored data as follows:
1. data is fairly and lawfully processed.
2. data is processed for limited and specific purposes.
3. data is adequate, relevant and not excessive.
4. data is accurate and up to date.
5. data is not kept for longer than is necessary.
6. data is processed in line with people's rights.
7. data is secure.
8. data is not transferred to other countries without adequate protection.
Right to be forgotten:
This is just another way to describe the current data protection rules, which require the deletion of data that is inadequate, irrelevant, no longer relevant or excessive. Inadequate data is worse than no data. Incorrect data is worse than no data. Irrelevant data is worse than no data. Excessive data has always been illegal. Data must be destroyed when it becomes irrelevant.
People have the right to ask:
1. What information is being used.
2. Why is it being used.
3. Where did the information come from.
4. Who can see the information.
5. Who has used the information, and when.
6. When was the information last used.
7. When will the information be destroyed.
Creating a cookie with a life of 99 years may be illegal because the cookie would outlive both the device and its owner. If a cookie is created with a life of more than 10 years, then it may be illegal, and a 5 year life may become the maximum acceptable. Examples of cookies with a 9999 year life have been identified and are clearly illegal.
1. Fairly and lawfully processed:
Data provided by a client shall not be repackaged and provided (or sold) to other parties, except for the delivery of the client's express business requirements. Each client's expectations for the use of data shall be implemented without exception.
2. Processed for limited and specific purposes:
Data is entered and recorded for the single and only purpose of providing a quotation and conducting business. Claims and accounting data is recorded for a period of at least seven years in conformance with applicable European finance laws.
3. Adequate, relevant and not excessive:
Only the data needed to provide and service the application customer/client is stored. Every data item has the single exclusive purpose of providing service chain providers with adequate customer/client information so the correct service can be offered and provided. Data is not harvested to provide an ancillary database of locations, marinas, places, vessels, motors or for any other reason than to provide services in accordance with the customer/client's expectations.
4. Accurate and up to date:
Data quality is maintained with the use of permitted values in drop down lists for all critical data. The user, date and time of each and every field value change is recorded so obsolete data can be automatically destroyed.
5. Not kept for longer than is necessary:
No data can be lost or deleted. All data is retained for a period of at least seven years in annual archives. Where data has not been used or changed for a period of more than seven years, then it is automatically destroyed without any human interaction. Where client data is provided for quotation purposes only, it is only retained for three years before it is automatically destroyed.
6. Processed in line with people's rights:
Data access control is implemented in accordance with each authorized person's assigned security role, where they can generally only process their own data or have read-only access to shared data. The moment that a person's access control role is revoked, they instantly lose access to any data that they may have authored.
7. Is secure:
Customer data can only be accessed by authorized people working from approved offices between certain hours of each day and for certain days of the week. Sign-in security facilities match best practice and all data access is continually monitored to identify and eliminate unusual behaviours.
8. Not transferred to other countries:
Data protection registration Z9322564 covers application data stored and accessed in the UK, European Union, United States and Canada, but not any other country. All data is securely stored in encrypted databases in distributed European Tier IV data centres in conformance with PCI-DSS. Data may be viewed by an authorised person who is working from a different European country, but data cannot be viewed from any country outside of Europe.