In-depth Privacybunker service review by Boost.hr privacy experts

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.

GDPR includes 3 sides in gathering and processing personal data:

1. A controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data”.
2. Processor is a “person, public authority, agency or other body which processes personal data on behalf of the controller”.
3. Physical person called Data Subject which owns his/her personal data and is, under certain rules, to give them to Controller.

Controller has to know and control all data given to Processor at all times.

In order to have any company and web site comply with GDPR, web site owners need to define Cookie Policy and Privacy policy and make them visible to any site visitor. That means one should inform all data subjects on what personal info they gather and process, for what purpose, for how long and which third parties will have access to data etc. These information are expected to be in detail explained in Privacy Policy.

In that way, data subject (private person) will have an opportunity to decide whether he/she wants to give consent and exercise certain relationship with Controller (company) in case some personal data will be exchanged or given to controller to process them.

In order to check how your personal data is used on certain site that uses Privacy bunker system, one has following options and functionalities on disposal.

First thing user will see on landing page (example of https://boost.hr/ site) is Privacy and Cookie notification in form of pop-up window.

At the bottom of pop-up window is option “Customize settings”. Once you click on it, any user can see what cookies are on disposal and can decide himself/herself what cookies will allow while visiting this web page. It is important to click on “Save settings” once you have decided what type of cookies you will allow to be placed on your device.

Below option to “Customize settings” one has another option – “Privacy portal” (lower right part of pop-up window).

In order to check whether this site is having your email address (drop-down menu offers more personal data check-out) one has to click on check-box where one confirms to allow sending access code to 3rd party service. Also, at the field “Enter email” one can type email address one wants to check within personal data registry on this site. Also, it is mandatory to enter captcha code before clicking LOGIN.

Below is an example of filled form just before clicking LOGIN and submitting request to receive code for login. You can note that links to Terms and Conditions (Uvjeti korištenja), Privacy Policy (Politika privatnosti) are visible at all times as they should be in accordance with GDPR regulation.

On submitted email address new message will arrive with Access Code.

Following screen shows that correct code is entered and user needs to click on ENTER in order to access its personal profile related to this web site.

In that way user enters Privacy bunker Homepage. One can see that blue ribbon line is offering number of options. Below Privacy bunker provides tools that might contain your data, in this example MailerLite and WordPress as Boost uses only those tool for newsletter distribution. Other companies might use more tools related to personal data.

If user chooses option “Profile” (on blue ribbon) option to be forgotten will be visible. Screen also shows what exact data this web site uses.

In case web site uses additional tool, on “App Data” option (blue ribbon options) additional data will be listed.

Additional option on blue ribbon is “Privacy control” where user can check all given consents, but also has an option to “Withdraw consent”.

If one chooses option User Requests all record on requests will be shown. If there are none, system will notify user that “No matching records found”.

Profile activity “History” on blue ribbon will show all users activity records related to this web site.

Coming back to Homepage of Privacy bunker will show several options related to any of the external systems used (in this example MailerLite and WordPress). Another option (blue button) will fetch selected data.

If user chooses Fetch data from MailerLite tool following screen shows report details that are shown to user.

This testimonial was generated by non-technical person which shows that even average internet user can control his/her personal data using Privacy bunker tool. Therefore, as Boot LLC Croatia General Manager I can fully recommend Privacy bunker solution to any company owner or any web site owner that feels having GDPR compliance on web site is too complicated to too costly. It is not, one just has to let experts from Privacy bunker solve your compliance problem.

Vitomir Lučić, GM at Boost LLC Croatia