Our FAQ’s

What is the GDPR?2018-06-26T14:10:20+00:00
  • The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU)
  • The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU
  • It became enforceable on 25 May 2018, across all EU member states
  • No additional local / country specific legislation is required
  • But some countries may decide to add specific provisions for their country or make further clarifications to GDPR definitions
What are the GDPR Principles?2018-06-26T14:11:03+00:00

The key principles of data processing under GDPR are :

  • Fair, lawful and transparent processing
  • Correct, stated purpose
  • Data minimisation
  • Accurate and up to date
  • Kept no longer than necessary
  • Secure
  • Accountable
Is ONZO a Data Controller or Processor?2018-06-26T14:11:29+00:00
  • ONZO provides a Software as a Service (SaaS) platform to analyse Smart Meter data
  • ONZO and it’s Utility Customers have clearly defined roles, when it comes to data

Data Processor

ONZO’s relationship with our Utility Customers is that of a Data Processor. We process data on behalf of our Customers and follow their instructions, with regards to stopping / resuming processing and subject access requests

Data Controller

Our Utility Customers are the Data Controller. They are responsible for securing data consent from the end consumer / household. They can ask ONZO for assistance in relation to stopping / resuming processing and responding to Subject Access Requests

How is ONZO compliant with GDPR?2018-06-26T14:11:47+00:00
  • We have a range of internal policies that govern how we manage data
  • We request and only collect that data which is necessary for us to provide our service to our utility customers
  • We have assigned a Data Protection Officer, to oversee our compliance with GDPR
  • We have undertaken extensive threat modelling of our service and infrastructure
  • We have updated and refined all of our privacy notices to ensure they reflect individuals rights
  • We have enhanced the capability of our platform, to support GDPR specific requests such as objection to processing and data portability
What legal basis does ONZO rely on, for processing data?2018-06-26T14:12:41+00:00
  • For ONZO to process data on behalf of our utility clients, we typically rely on the following legal basis :
    • Consent – The individual has given consent to the Utility, to process their consumption data.
  • Contractual – The processing is necessary for ONZO to meet it’s contractual obligations to provide a service to our Utility customer
Does ONZO store / process “Sensitive” data?2018-06-26T14:13:10+00:00
  • No, ONZO does not store any kind of data that meets the definition of Sensitive Data
What happens to offboarded Customers?2018-06-26T14:13:33+00:00
  • Requests to offboard a Customer / Household are managed via a “household delete” request that is submitted to ONZO
  • Data for offboarded Households is permanently deleted from the ONZO platform, when the delete request is processed

Once deleted, the customer data is gone forever.

We have received a Subject Access Request – what do we do?2018-06-26T14:13:52+00:00
  • If as a Utility customer of ONZO, you have received a Subject Access Request from one of your Customers, ONZO will be able to supply you with a structured (JSON) data export of all data that we hold for the selected Customer
  • Please contact dpo@onzo.com, stating that you wish to fulfil a Subject Access Request as well as providing the details of the Customer / Household in question
  • One of the ONZO team will then follow-up with you
How does ONZO classify consumption Data?2018-06-26T14:14:08+00:00
  • GDPR does not explicitly state that Consumption Data is personal data
  • However, we recognize that our Utility customers and in turn their customers, may regard this data as personal
  • We therefore take the stance that Consumption Data IS personal data
Does ONZO transfer data outside of the EU?2018-06-26T14:14:25+00:00
  • No
  • Our entire service offering is based upon Amazon Web Services (AWS)
  • We are hosted in the eu-west-1a,1b and 1c locations in Dublin, Ireland
What does BREXIT mean to ONZO?2018-06-26T14:14:51+00:00

In short, nothing. When the UK leaves the EU on 31 March 2019, ONZO will still need to adhere to GDPR One reason for this is the cross-over period between the GDPR coming into force and the UK exiting the EU. The UK will need to comply with the Regulation while it is still a part of the EU. UK companies wishing to continue to do business with the EU after BREXIT will need to comply with the Regulation to avoid infringements

The UK is also working through a new Data Protection Bill. This will eventually become the Data Protection Act 2018, replacing the current Data Protection Act 1998.

The bill is currently working its way through the UK Parliament and will replicate and in some cases improve GDPR protection.

Further Questions?2018-06-26T14:15:06+00:00
  • If you require further details, or have specific questions you would like to ask

Please contact dpo@onzo.com with your question