The General Data Protection Regulation 2016 (GDPR) will come into force across all European Union (EU) member states (and for companies outside of the EU if those companies target EU member states) on 25 May 2018. GDPR updates the obligations on your organization as the owner (or data controller) of personal data for which you are responsible.
We strongly recommend that you carefully consider the change in law and the impact it will have on your business, assuming you have not done so already.
GDPR provides a number of new or enhanced rights and obligations, including:
- Where relying on consent as a lawful basis for processing, an individual’s consent must be freely given and indicate opt-in (not opt-out). Individuals also need to be provided with certain information (free of charge) when their personal data is collected or obtained, including information relating to the proposed use of their data. This may impact on the consent process you use when collecting personal data from your customers and other individuals;
- The core obligations of the data controller have been clarified and enhanced, and a data controller has specific obligations (amongst other obligations) to ensure that:
  - data is adequate, relevant and limited to what is necessary for the purpose
  - data is accurate and, where applicable, kept up to date
  - the period of storing personal data in a form that enables individuals to be identified is limited to what is necessary for the purpose
- Individuals also have clarified and enhanced rights to have access to their data, and in certain circumstances to have that data erased/corrected, and have it provided. The enhanced rights may require changes to your processes and systems to make compliance practicably manageable.
For the official GDPR Guidelines visit EUR-Lex.
A number of our customers have asked whether our software is “GDPR compliant”. Whilst we provide a number of different solutions to our customers, the overwhelming answer to this question is that a software product on its own is not likely to be either GDPR compliant or non-compliant; compliance depends on how a system is used, and with what personal data. It is therefore important for you to consider your own GDPR needs.
There is no case law regarding the GDPR requirements, and as such many of the regulations are interpreted without real certainty.
Digital Vantage Point takes security and privacy very seriously. The technical requirements to deliver an appropriate level of access to information, encryption and security are continually evolving. Our most current version of Nav-to-Net 8 includes numerous advances in these areas. The newest version will include administrative tools for responding to GDPR-based Data Subject Requests as well as updates to cryptography, TLS, credit card information handling and security in general. Current customers of DVP on a maintenance plan are entitled to the latest version of our software and should consider upgrading soon to take advantage of these improvements.
We are currently providing recommendations to existing Nav-to-Net customers who want to address GDPR concerns without upgrading. Existing customers should contact firstname.lastname@example.org to follow up.