Since May 25, 2018, the General Data Protection Regulation (GDPR) has been applied to all businesses and organizations in all EU member states, and aims to standardise privacy and security, with a view to protect the rights of individuals. A challenge for bws? Actually, it has already been more than tackled!
All companies that transfer personal data with EU residents will need to comply with the GDPR. The regulations outline "Controllers" and "processors" of data. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with personal data belonging to EU residents.
A valid consent for data collection must be obtained, and the processing purposes and use must be clearly stated. Customers have a right to access their data at any time to check how it is being used and where it resides. In cases where personal data is inaccurate or incorrect, our business must make appropriate changes within 30 days. A customer can request for her/his data to be deleted when they believe there is no compelling reason for continuous processing. This includes instances where "personal data is no longer necessary in relation to the purpose for which it was originally collected or when the individual withdraws consent". In an event of a data breach, the relevant individual has to be informed within 72 hours.
Concerned about compliance with this major law, bws have surrounded itself with the best experts in the field, in the implementation of audit, monitoring and continuous control tools. In addition, processes and procedures have been put in place to comply with the various provisions of GDPR – data protection addendum, data deletion, data retention, and Pseudonymation/anonymization. In addition, bws has appointed a Data Protection Officer and Article 27 representative, and has incorporated GDPR principles in our products development planning.
Bws has already been rewarded the Smart GDPR Silver distinction and plan to work with our customers to complete a Data Protection Impact Assessment policy.