Right to access their data
What you need to do: Clients have the right to obtain access to the personal data your organization collects and processes about them. Before handing any data over, verify the identity of the person making the request.
How 3DPrinterOS handles it: Clients can see all of their 3DPrinterOS data on the Profile settings page (public data and general data) and under Profile settings page -> Personal Data management block -> Change promotion data button.
Right to be forgotten
What you need to do: Clients have the right to request that an organization erase all of the personal data it has collected about them, unless the organization is legally obliged to keep it. For example, telecom operators in many jurisdictions are required by data retention laws to keep communications metadata for SMS messages (who sent a message, to which number, and when) for a statutory period, and cannot erase those records on request.
How 3DPrinterOS handles it: 3DPrinterOS users can delete the personal data collected about them from the Profile settings page by clicking the "delete my data stored in the system" button and selecting which personal data they want to delete. To delete general personal data (email and IP addresses, which are retained for security reasons), the account holder should write to support.
Right to object to the processing of their data
What you need to do: Consent covers the optional activities associated with a service and can be withdrawn for any of them (for example, newsletters). Processing that is strictly necessary to deliver the service the client has signed up for rests on the service agreement rather than on consent, and continues for as long as the client keeps using the service, but only to the extent needed to provide it. If a client demands that all processing stop, inform them that the remaining processing is necessary to provide the service and that no service can be given without it.
How 3DPrinterOS handles it: All information describing how and why we use personal data is noted in our Privacy Policy, Terms of Use, and Data Handling Policy. The client must review and accept the terms in these documents before using 3DPrinterOS services.
Right to export personal data
What you need to do: You must be able to verify the customer before providing data. When data is exported from your organization to another, it must be encrypted and moved through secure channels.
How 3DPrinterOS handles it: The user can request all personal data 3DPrinterOS stores about them on the Profile settings page -> Personal Data management block -> Request my data stored in system button; the download of a .csv file starts automatically.
Organization's responsibilities
Protect personal data using appropriate security practices
What you need to do: Protect personal data with appropriate security practices. Make sure that all third parties you work with do the same and are GDPR compliant.
How 3DPrinterOS handles it:
3DPrinterOS has:
Put together a Data Handling Policy
Reviewed Microsoft Azure's GDPR compliance documentation
Mandatory 2FA for all 3DPrinterOS employees when accessing the data
Encryption/hashing: communication between 3DPrinterOS cloud services and the end user is encrypted in transit, and stored passwords are hashed with SHA256 (current best practice is a salted, deliberately slow password hashing function such as bcrypt, scrypt or Argon2 rather than a plain fast hash)
RSA 4096-bit keys and SSL/TLS certificate-based access to the infrastructure
Strong promotion of 2FA for clients (when enabled, a 3DPrinterOS login requires an additional verification code generated by the Google Authenticator app)
Rate limiting on UI and API calls and on dashboard logins to mitigate brute-force attacks
Password complexity requirements enforced on 3DPrinterOS accounts
A policy of working only with partners that are GDPR compliant, and doing our best to ensure that they adhere to the applicable data protection regulations
Notify authorities within 72 hours of breaches
What you need to do: You must have appropriate monitoring in place to understand what is happening with your data and to notify the right people in the organization when a breach may have occurred. Under GDPR, a personal data breach must be reported to the supervisory authority within 72 hours of the organization becoming aware of it, so the clock starts at detection, which is why detection itself must be fast.
How 3DPrinterOS handles it: We have built-in detective and protective controls with an alerting system that provides real-time analysis of security alerts generated by applications and network hardware.
Receive consent before processing personal data
What you need to do: Be transparent about what data is collected, how and where it will be used, and why, at the moment you request consent. Consent under GDPR must be a freely given, specific, informed, and unambiguous indication of the individual's wishes. There must be an explicit affirmative action, a positive opt-in: consent cannot be inferred from silence, pre-ticked boxes, or inactivity.
How 3DPrinterOS handles it: We do not use pre-ticked boxes, and we have reviewed our Privacy Policy and Terms of Use. We prompt existing customers within 3DPrinterOS to read our Terms of Use, Privacy Policy, Data Handling Policy, and this document, to confirm that they understand them, and to revoke consent to processing if they do not want 3DPrinterOS to process their data.
Keep records detailing data processing
What you need to do: GDPR (Article 30) requires controllers and processors to keep a written record of their processing activities, which may be kept electronically; organizations with fewer than 250 employees are exempt unless the processing is likely to result in a risk to individuals, is not occasional, or involves special categories of data. Whether or not the exemption applies, you must be able to demonstrate and explain your organization's data processing procedures when an auditor or supervisory authority asks, so keep the record in a form you can actually produce.
How 3DPrinterOS handles it: 3DPrinterOS has a Data Handling Policy that states clearly how data is processed and secured by the firm. We also maintain an internal register of consents that records when a user gives or revokes each consent.
Provide clear notice of data collection and outline processing purposes and use cases
What you need to do: State clearly in your cookie policy, privacy policy, and Terms of Use what data is collected, how, and for what purposes it is used, at every point where data is collected.
How 3DPrinterOS handles it: We have made it all crystal clear in our Privacy Policy, Terms of Use, and Data Handling Policy.
Define data retention and deletion policies
What you need to do: Make clear in your privacy policy how data is stored, for how long, and which data will be deleted when a customer requests it.
How 3DPrinterOS handles it: We have included it in our Privacy Policy. Data is stored for an indefinite period unless otherwise instructed by a customer.
Train privacy personnel & employees
What you need to do: Train your team on this topic. Explain the current situation, what changes when GDPR applies (25 May 2018), and how to behave in specific situations.
How 3DPrinterOS handles it: Our DPO attended several GDPR training sessions and consulted with several subject-matter experts. We then took a day out of the office with the entire team to discuss compliance, with the compliance team giving an overview of the law, answering questions, and describing the tools we use and the changes with the biggest impact; open questions were followed up in the weeks that followed.
Audit and update data policies
What you need to do: Make sure your Terms of Use, privacy policy, cookie policy, agreements, and other documents comply with GDPR. (See the 3DPrinterOS documents at 3dprinteros.com/GDPR for an overview.)
How 3DPrinterOS handles it: We have made all the necessary changes to our Privacy Policy, Terms of Use, and other documents to align them with GDPR.
Employ a data protection officer (for larger organizations)
Let's clarify the DPO: A data protection officer (DPO) is a security and privacy leadership role defined by the General Data Protection Regulation (GDPR). DPOs oversee data protection strategy and implementation to ensure compliance with GDPR requirements. Appointing one is mandatory only in specific cases (public authorities, and organizations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data); a small company outside those cases does not need to hire a dedicated person. The role can be taken on by an existing executive or another person with authority, provided their other duties do not create a conflict of interest.
How 3DPrinterOS handles it: Our CTO, Anton Vedeshin, is also our DPO.
Create & manage vendor contracts
What you need to do: Partner compliance is your responsibility: from the customer's perspective your firm is the one processing their data, and under GDPR you remain accountable for the processors you engage. If a partner is not GDPR compliant, your firm is at risk, so put a data processing agreement in place with each one.
How 3DPrinterOS handles it: Our legal team creates, improves, and manages our documents and contracts.