On 25 May 2018 the General Data Protection Regulation becomes effective throughout the European Union and associated countries. Behind it there is a paradigm shift with regards to the ownership and control over personal data. From 25 May 2018, personal data belongs to the individuals, and any person has the right to know which of their personal data is hidden in any data repository, and – under certain circumstances – to have such data removed.
The consequences of the GDP Regulation are enormous. As an EU Regulation, not a Directive, it is binding for all countries at once. Thus, all owners of data repositories – anybody who stores data that can be pointing back to an individual person –, from 25 May 2018 onwards, must comply with the regulation. From repositories from chess clubs, to tax & income registers, your employers HR-registers (your salary), as well as Innovative Security Manager™ (ISM) tables containing names, addresses, etc., they all must comply with the regulation.
What does the GDPR regulate? Besides giving the individuals an insight to their personal data, and the right to have it removed, they also regulate the privacy of such data, and the duty of the data repository owners (the so called “data controllers”) not to leak any personal data to any third person. Government agencies in each of the EU and associated countries will run audits to see that the data controllers comply with the regulation and may punish them if they do not.
Therefore, in order to comply and to defend themselves against huge fines, the data controllers are now establishing contractual agreements with their customers (the individual owners of personal data), as well as with their subcontractors, who might gain access to any personal data in their daily work. Law companies throughout Europe are working overtime to produce all new contracts and agreements required, and both individuals and companies receive loads of new “terms & conditions” to “accept”.
So, what does all this mean to you, as one of our ISM users?
First of all, being a “data processor” – the GDPR term for subcontractor – we offer you a “Data Processor Agreement”, where we state how we comply with the regulation with regards to our support of your ISM system, which may contain personal data.
Secondly, we have established technical and administrative measures to avoid data leaks through our service center and the departments of Innovative supporting the service center. Logging in compliance with the regulation secures any break to be traced or may prove that a break did not come from Innovative’s organisation.
Thirdly, we introduce changes in our software in the coming versions, so that personal data and pictures may be securely and efficiently removed from the databases. Changes required are minimal, and todays versions can be used as such. Improvements are made only to simplify the operations required.
Finally, in the coming weeks we will approach all our customers to provide them with our “Data Processor Agreement”, discussing its implications, and the implications of GDPR for ARC’s, and partnering with them to help them complying with the General Data Processor Regulation.
