On May 25, 2018, the European Unions General Data Protection Regulation (GDPR) will take effect. Logaholic has always been fully committed to data protection, ownership and transparency and is fully compliant with the new GDPR rules.
As a web analytics company that offers both hosted and self-hosted solutions, it’s important for Logaholic users and customers understand each others roles and responsibilities when it comes to data protection.
First of all there is the relationship between Logaholic and the users of the Logaholic software (our customers). Our interactions with you are covered by our updated Privacy Policy, Terms of use, and the new GDPR Data Processing Agreement.
Please take a moment to review these documents:
However, unlike Google Analytics, we do not claim ownership of the data you collect about your visitors using Logaholic software. In most cases (i.e. self hosted installations) Logaholic has no knowledge of or access to any of that data. As a Logaholic user, you are a data controller and a data processor yourself and are responsible for your own GDPR compliance.
Luckily, the Logaholic software offers you all the tools you need to comply with GDPR when it comes to the data you’ve collected using Logaholic software.
The most important topics with respect to relevant software features are:
Personally Identifiable Data (PID)
The only Personally Identifiable Data (as defined by GDPR) that the Logaholic software collects and stores by default are IP numbers. However, it is possible to add more PID like email addresses and other data via cookies and urls and javascript methods.
You should take note of which data you are collecting and what parts of that data can be considered PID. GDPR requires you to disclose your collection of this data to your visitors in your privacy policy.
If IP numbers are the only PID you are collecting in Logaholic, there is an easy option in the software to encode that information.
Enabling IP masking in Logaholic will remove the last part of an IP number to make it anonymous. This is not a requirement for GDPR compliance, but if you don’t want to deal with potential data access or removal requests by visitors (or “data subjects”), using IP masking will turn your PID into anonymous data, provided no other PID is present.
Right of access
The GDPR gives people the right to see what data you have on them. Logaholic provides tools to locate the data for specific IP numbers, so you can comply with any of these requests.
Use the Most Active Visitors report to search for an IP number and drill down to the Click Trails report to display the activity for that IP number. Any other PID you might have can be found using the Log Inspector report.
Right to erasure
The GDPR gives people the ‘right to be forgotten’. Logaholic provides tools to delete and skip data from any IP numbers, so you can simply comply with any of these requests also.
Use the Most Active Visitors report to search for an IP number and drill down to Delete IP Number to remove the associated data. You can also add the IP number to the Data Filters settings in Edit Profile to prevent the Ip number from being processed in the future.
If you have any questions regarding GDPR, privacy or data protection in general, please feel free to contact us.