The new European GDPR has come into force. You might have heard about this and have some questions. What does this new privacy regulation mean? What does it mean for your company? We briefly outline the most important characteristics.
GDPR stands for General Data Protection Regulation. This new European regulation expands the current privacy laws to better protect private persons’ data and to make privacy regulation fit today’s digital society. The law defines conditions for the processing of personal data and the free transfer of this data. The GDPR became enforceable on 25 May 2018.
A brief summary:
Companies have to show at any moment how, where and for which purpose personal data is collected and processed. Only strictly necessary information can be stored and only for a certain period of time.
- Data subject's rights
Companies need to have a clear procedure for deleting or transferring data. Personal data has to be deleted (even data shared with third parties) or transferred (in a machine-readable format) at the request of the subject of the data.
- Notification requirement
There is a notification requirement for possible data leaks that are a security threat to personal data.
When personal data is used for marketing purposes like newsletters or loyalty cards, the subject of the data needs to give their explicit consent, and can withdraw this consent at any time.
What to expect from SDP?
SDP focuses on an optimal security infrastructure on different levels (multi-layered security). Our technical department can give you advice to optimize your network security and data backup.
Our software already has an option to define access rights to specific data per employee. This information is registered automatically. Our consultants are ready to support your system manager with user rights analysis and configuration, and with a password procedure per employee. In this way you can define who has access to which data.
You also process data outside our application. Our technical department can help you with an exhaustive audit of your folder structure and the configuration of access rights.
We will provide our current security functionalities with extra specific functions to guarantee the data subjects’ rights to the fullest.
Personal data, for example loyalty card information or employment records, can be deleted after a period of inactivity.
Statistics, bookkeeping information and official personal data will be stored for the time periods defined by the privacy legislation. After these time periods personal data can be anonymized or deleted permanently.
Permissions to store personal data for marketing purposes will be saved, on the condition that they can be recalled at any time.
SDP provides the necessary support and training to implement these modifications in a new software version of your package. We recommend that customers with customized software packages contact their account manager to discuss the necessary modifications.
We raise awareness among our employees to respect the new regulation while providing service to our customers.
SDP's internal actions, also areas of concern for your company?
Our marketing department is actively working on communications and is updating our website. Our administration adapts customer contracts and finalises confidence agreements with providers. HR revises employee contracts, raises awareness within the company and provides training. In the meantime, we continue to develop new features for your software package.
Please fill in the reply form below in order to be contacted by SDP for advice regarding the application of the new GDPR legislation.
This advice will be invoiced at hourly rate in conformity with our General Conditions.