General Data Protection Regulation (GDPR).
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. The following FAQ tells you everything about this change in legislation and what it means for your organisation.
What is the GDPR?
The GDPR is the General Data Protection Regulation. This European privacy legislation replaces the Dutch ‘Wet bescherming persoonsgegevens’ (Wbp) law as of 25 May 2018. The GDPR is stricter than the Wbp. For example, organisations that process personal information are supervised more strictly, and more attention is paid to the rights of the people whose information is being processed.
What does GDPR mean?
The abbreviation GDPR stands for General Data Protection Regulation. The AVG is the Dutch version of the GDPR.
What are the consequences of the implementation of the GDPR for Softbrick and its customers?
Softbrick meets the obligations put forward in the Dutch Wbp and, since the GDPR was introduced in 2016, it has focused on possible adjustments in procedures. Being in compliance with current legislation is an integral and important task within Softbrick.
What does the processing of personal information include?
Processing personal information includes the following: the collection, constitution, ordering, saving, updating, changing, withdrawal, consultation, use, provision by way of forwarding, distribution or any other way of making available, consolidation, linking and guarding, changing, or removing of information.
What is a processing agreement?
A processing agreement determines which information is available to Softbrick. It also states the duration, the time and the conditions under which information may be processed.
The responsibility for concluding an agreement lies with the party that provides the information: the person responsible. Softbrick has a processing agreement that meets all the criteria put forward in the GDPR. This can be drawn up for you upon request.
We have already concluded an agreement with Softbrick. Where does this processing agreement belong?
The processing agreement is forwarded as an appendix to the existing agreement.
Does Softbrick have a more extensive document in which all of this is described in detail?
Yes. The document Information security policy Softbrick describes which measures Softbrick takes against unintended use of information and what happens in case of a data leak.
This document is automatically added to the Processing agreement. Should you want to know more about this, please feel welcome to contact us.
Who is responsible for what, and when?
The GDPR speaks of people responsible and processors. When you provide us with (personal) information, you are ‘responsible’. Softbrick is the ‘processor’ in this case. The provision and processing of data has to be formalized by an agreement (the processing agreement). As a responsible person you should be able to prove that you have taken the right technical and organizational measures to protect the personal information.
Who is the person involved?
Within the context of Softbrick WFM the persons involved are your employees. The information of your workforce is saved and processed within the software package of Softbrick.
Which changes apply to the person involved due to the implementation of the GDPR?
With the introduction of the GDPR, the privacy rights of the person involved are reinforced and extended. The ‘right to be forgotten’ is important for our system. This means that (under certain circumstances) the personal information of the person involved should be removed if the person involved demands this. On the website of Authority Personal information you can find under which circumstances this should be done.
Who within Softbrick has access to your personal information, and what happens with it?
Please find enclosed the appendix Information security policy Softbrick to the processing agreement.
Are your employees aware of the GDPR?
Our employees are regularly trained in the area of information security and are continuously educated. Once every quarter a sample check is carried out to see whether our employees are aware of the current legislation and whether they act accordingly.
Is Softbrick checked on the GDPR?
Yes, the certification process for the international information standard ISO 27001 takes the GDPR into account. After the initial audit, Softbrick is checked against this standard every year.
Does Softbrick have procedures in case of a data leak?
Under the GDPR a reporting obligation exists in case of a data leak, and this obligation already existed under the Wbp. Softbrick therefore has a procedure that prescribes how to act in case of a data leak. All our employees are aware of this procedure.
In what way does Softbrick protect my data?
We make use of encryption. For electronic transport, Softbrick WFM uses encryption based on SSL. For physical transport of data we use encrypted USB sticks. In addition, all personal computers and laptops of Softbrick are equipped with encryption.
How could Softbrick help us act in line with the GDPR?
Softbrick started preparing for the GDPR in 2016 and we make sure that both the organisation and the software are in line with the legislation. If you have any questions about this, please feel welcome to ask by sending us an e-mail or by calling our main telephone number.