GDPR Compliance
✓ Technical Controls Ready
ATStatus provides the technical controls and features needed for GDPR (General Data Protection Regulation) and AVG compliance. Final compliance depends on your organization's implementation and policies.
ATStatus provides GDPR-supporting features (cookie consent, audit logging, data export). Actual GDPR compliance requires proper organizational policies, data processing agreements, and potentially a DPO depending on your organization's scope.
ATStatus follows the GDPR principle of "Privacy by Design and by Default" — privacy controls are built into the core architecture, not added as an afterthought.
GDPR Article Coverage
- ✓ Cookie consent management with granular opt-in/opt-out
- ✓ Consent tracking stored in database
- ✓ Clear consent categories (necessary, analytics, marketing, preferences)
- ✓ Consent withdrawal mechanism
- ✓ Clear and plain language in consent requests
- ✓ Separate consent for each purpose
- ✓ Easy withdrawal of consent
- ✓ No pre-checked boxes (opt-in required)
- ✓ Data export functionality for admin users
- ✓ Audit log access for authorized users
- ✓ Subscriber data exportable
- ✓ Subscriber deletion capability
- ✓ User account deletion
- ✓ Cookie consent records can be deleted
- ✓ Self-hosted — data stays in your infrastructure
- ✓ Minimal data collection by default
- ✓ Encrypted passwords and tokens
- ✓ Secure session management
- ✓ Comprehensive audit logging
- ✓ Hash-chained audit trail for integrity
- ✓ Records of all data processing activities
- ✓ Encryption of personal data
- ✓ Access control (RBAC)
- ✓ Two-factor authentication
- ✓ Regular security testing (self-test feature)
Cookie Consent Management
ATStatus includes a comprehensive cookie consent system that meets GDPR and ePrivacy requirements.
Consent categories:
- Necessary: Always enabled, essential cookies
- Analytics: Usage tracking and statistics
- Marketing: Advertising and remarketing
- Preferences: Personalization and settings
Consent tracking:
- Visitor ID linked to consent record
- Timestamp of consent given
- Record of which categories accepted
- Ability to update preferences
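The consent rules listed above (optional categories default to refused, the necessary category cannot be switched off, consent is recorded per visitor with a timestamp, and it can be updated, withdrawn or erased) are shown here as an added, self-contained example. This is illustrative code, not ATStatus's own consent implementation; the class and method names, the in-memory store standing in for the database table, and the ISO timestamps passed in by the caller are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Consent categories named on the page. "necessary" is always on and can
# never be refused; every other category starts as NOT consented (opt-in).
CATEGORIES = ("necessary", "analytics", "marketing", "preferences")
ALWAYS_ON = frozenset({"necessary"})


def now_iso():
    """UTC timestamp for a consent decision (callers may pass their own)."""
    return datetime.now(timezone.utc).isoformat()


@dataclass(frozen=True)
class ConsentRecord:
    visitor_id: str   # pseudonymous visitor identifier
    given_at: str     # ISO-8601 timestamp of the decision
    accepted: dict    # category -> bool, one entry per category


class ConsentStore:
    """Hypothetical in-memory stand-in for a database-backed consent table."""

    def __init__(self):
        self._by_visitor = {}

    def record(self, visitor_id, accepted_categories, at=None):
        """Store a fresh decision. Categories not listed are refused."""
        unknown = set(accepted_categories) - set(CATEGORIES)
        if unknown:
            raise ValueError(f"unknown consent categories: {sorted(unknown)}")
        accepted = {c: (c in ALWAYS_ON or c in accepted_categories)
                    for c in CATEGORIES}
        rec = ConsentRecord(visitor_id, at or now_iso(), accepted)
        self._by_visitor[visitor_id] = rec
        return rec

    def update(self, visitor_id, category, granted, at=None):
        """Change one category; necessary cookies cannot be withdrawn."""
        if category in ALWAYS_ON and not granted:
            raise ValueError(f"{category} consent cannot be withdrawn")
        current = self._by_visitor.get(visitor_id)
        chosen = {c for c, ok in (current.accepted.items() if current else [])
                  if ok and c not in ALWAYS_ON}
        if granted:
            chosen.add(category)
        else:
            chosen.discard(category)
        return self.record(visitor_id, chosen, at)

    def withdraw(self, visitor_id, at=None):
        """Withdraw all optional consent in one step (a new timestamped record)."""
        return self.record(visitor_id, (), at)

    def may_set_cookie(self, visitor_id, category):
        """Gate used before a response sets a cookie of the given category."""
        if category in ALWAYS_ON:
            return True
        rec = self._by_visitor.get(visitor_id)
        # No record at all means no consent: opt-in, never pre-checked.
        return bool(rec and rec.accepted.get(category, False))

    def erase(self, visitor_id):
        """Delete the visitor's consent record; True if one existed."""
        return self._by_visitor.pop(visitor_id, None) is not None
```

The gate `may_set_cookie` is the piece worth copying: every cookie-setting code path asks it, and the absence of a record is treated as refusal rather than as a default grant.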
Cookie Banner Configuration
The cookie consent banner is fully customizable:
- Position: Bottom, top, bottom-left, bottom-right, top-left, top-right
- Style: Bar, popup, or modal
- Text: Customizable consent message
- Behavior: Opt-in required (no pre-selected checkboxes)
Data Protection Features
| Feature | Implementation | GDPR Article |
|---|---|---|
| Password Hashing | SHA-256 with salt | Article 32 |
| Session Security | HMAC-signed tokens, database-backed | Article 32 |
| Access Control | RBAC with 50+ permissions | Article 32 |
| Two-Factor Auth | TOTP with backup codes | Article 32 |
| Audit Logging | Hash-chained, tamper-evident | Article 30 |
| Data Export | JSON/CSV export capability | Articles 15, 20 |
| Data Deletion | User and subscriber deletion | Article 17 |
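The table describes the audit log as hash-chained and tamper-evident. The following added example shows what that property buys a reviewer: each entry commits to the hash of the entry before it, so editing or removing an entry breaks every verification from that point on. It is illustrative code, not ATStatus's audit-log implementation; the entry fields, the SHA-256 chaining scheme, the sample actions and the timestamps are constructed for the example. It also covers the one case a plain chain does not catch by itself (silently dropping the newest entries), which is why the latest hash should be stored somewhere the log writer cannot change.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the very first entry


def _digest(body):
    """SHA-256 over a canonical JSON encoding of an entry minus its own hash."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(log, actor, action, target, at):
    """Append one audit entry whose hash covers its fields and the previous hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "at": at, "actor": actor, "action": action,
            "target": target, "prev_hash": prev_hash}
    entry = dict(body, hash=_digest(body))
    log.append(entry)
    return entry


def verify_chain(log, expected_head=None):
    """Return (ok, index): ok is False at the first entry that fails.

    expected_head is the latest hash recorded out-of-band (e.g. by a separate
    service); supplying it also detects truncation of the tail.
    """
    prev_hash = GENESIS
    for index, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != index or body.get("prev_hash") != prev_hash:
            return (False, index)          # entry removed or reordered
        if _digest(body) != entry.get("hash"):
            return (False, index)          # entry contents edited
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return (False, len(log))           # newest entries missing
    return (True, len(log))


def build_sample_log():
    """Constructed sample: three data-subject-request actions."""
    log = []
    append_entry(log, "admin@example.com", "subscriber.export",
                 "subscriber:42", "2024-01-01T10:00:00Z")
    append_entry(log, "admin@example.com", "subscriber.delete",
                 "subscriber:42", "2024-01-01T10:05:00Z")
    append_entry(log, "system", "settings.update",
                 "cookie_banner", "2024-01-01T11:00:00Z")
    return log


def detect_edit(log):
    """Rewrite the action of entry 1 after the fact; chain breaks at index 1."""
    edited = copy.deepcopy(log)
    edited[1]["action"] = "subscriber.view"
    return verify_chain(edited)


def detect_deletion(log):
    """Remove entry 1 entirely; entry 2 now sits at index 1 with the wrong seq."""
    shortened = copy.deepcopy(log)
    del shortened[1]
    return verify_chain(shortened)


def detect_truncation(log):
    """Drop the newest entry: undetected without the out-of-band head hash."""
    truncated = copy.deepcopy(log)[:-1]
    return (verify_chain(truncated),
            verify_chain(truncated, expected_head=log[-1]["hash"]))
```

When this check is run periodically (or on export), the index it returns points at the earliest entry that can no longer be trusted, which is what an incident responder needs to scope a tampering event.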
Self-Hosted Data Sovereignty
Because ATStatus is self-hosted, you maintain complete control over your data:
- Data Location: Choose where your data resides (EU, US, or any jurisdiction)
- No Third-Party Transfer: No data sent to external SaaS providers
- Full Control: Implement your own backup, retention, and deletion policies
- Direct Access: Direct database access for Data Subject Requests
GDPR Implementation Checklist
Use this checklist when deploying ATStatus to support your organization's GDPR compliance:
- Enable cookie consent banner (Settings → Features)
- Configure appropriate consent categories
- Update privacy policy with ATStatus data processing
- Set up audit log retention policy
- Document data processing activities
- Train staff on subscriber data handling
- Establish Data Subject Request procedures
- Host in GDPR-compliant data center (if applicable)
ATStatus provides the technical controls for GDPR compliance. Your organization is responsible for policies, procedures, DPO appointment (if required), and maintaining the overall compliance program.
