A GDPR compliant handling of your data and the data from your devices and machines is important to us. From the server version 47.x onwards the Appliance fulfils all guidelines according to the GDPR (General Data Protection Regulation).
The following features are available for all server instances of Microtronics. No matter whether it is the product M2M platform, MDN myDatanet, Keycode Server or Energy Server.
Categories of users
When creating a user there will be a distinction between GDPR-liable and GDPR-not-liable.
- GDPR-liable user
natural person - GDPR-not-liable user / user not subject to GDPR
interfaces / non-natural person
For users not subject to GDPR (for example interfaces for the API access) the GDPR is not applicable. They have to be marked by the administrator. GDPR-not-liable users cannot login into the Backend of the Appliance.
All natural persons must provide an e-mail address. After the creation of a user-account the user has 720 hours or 30 days’ time to activate his account and agree in this process to the GDPR regulations. If this does not happen within 720 hours, the data is deleted again. The 720 hours or 30 days is an adjustable default value.
GDPR regulations and seeking user agreement
Personal data is affected by the GDPR. This includes user data. Depending on the specific application you implement with the technology from Microtronics, this can also affect the data of the devices or machines.
As for example the various wearables that store personal and often even sensitive data about users. Therefore, you can store the concrete formulation of your individual GDPR regulations.
In the settings of the server you store a link to your individual GDPR regulations. As soon as you add this link or make changes on the linked page, you can publish these changes and trigger an e-mail to all GDPR-liable users or natural persons.
They must now agree to the new regulations within 72 hours (default, adjustable). Otherwise, the user is deleted. In addition to sending the e-mail, after logging in a page appears to confirm the GDPR. First, the user must agree to the GDPR regulations. Only then the user can work with the Appliance as usual.
SSL encrypted communication
Encrypted communication via SSL is absolutely essential for GDPR compliant processing. As soon as the user has a possibility to enter data, it is advisable and usually also absolutely necessary to encrypt this communication.
In addition, setting up SSL today is rather easy and can be described as “state of the art”. “State of the art” is mentioned in the GDPR. In many cases it is not clear what is “state of the art” and what not. It can be assumed that an encrypted SSL connection is definitely included.
Does my server already communicate securely via SSL?
That’s easy to find out. Enter the domain of your server into your browser and put https:// in front of it. If this works, try to reach your server with the unencrypted variant http://. An automatic redirection to https:// should take place.
But beware! The preceding https only is no guarantee for a secure connection and certainly does not guarantee that the server is really who it claims to be. You have to check the validity of the certificate. In many browsers this is symbolised by a lock.
How do I set up SSL for my server?
The Appliance supports paid certificates that you can purchase from an authorized certification authority. From server version 45 onwards the free certificates of the certification authority “Let’s encrypt” are additionally supported.
“Let’s encrypt” is a free, sponsored certificate authority that provides SSL certificates free of charge. The certificates are automatically renewed in the background at regular intervals. This regular renewal (usually every 60 days) increases safety. If you want to encrypt your communication with the Appliance or have further questions about GDPR, please contact the Microtronics team!