Brief on GDPR, PII and Block 64
Does Block 64 collect, process or handle any Personally Identifiable Data (PII) or Personal Data in the course of their work?
The only personal data collected during the course of our work are:
- user name
- first name
- last name
- email address
The above data points are collected during the polling of Active Directory (either on-premise or Azure-based), Azure and/or M365. These options can be disabled manually by the customer, at the time of deployment, or post-deployment, which withdraws consent and destroys the data in question permanently.
For reference, the GDPR defines personal data as the following:
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Is Block 64 GDPR Compliant?
No. At present, when AD data is collected it is not "pseudonymized", which is a requirement of GDPR. That feature is on the Block 64 development roadmap.
Who is your Data Protection Officer?
James Corless (email@example.com) is currently the appointed DPO at Block 64, and works with the team to ensure regular and systematic monitoring of data subjects on a large scale.
The Right to be Forgotten
The small amount of Personal Data that may be gathered during Block 64's work can be deleted at any time via a consent withdrawal request by our customers. Also, at the software level, choosing to cease collection of User Data (an option available in the BlockBox settings) would constitute a withdrawal of consent, and result in the permanent destruction of this data.
Does Block 64 have a data protection policy which guides their employees in how to keep personal data secure?
Yes. Our policy is available upon request and is communicated to all employees on an annual basis.