Heartpace and GDPR - General Data Protection Regulation
This is the case
The legal act is about personal integrity and the individual's right to find out what information is stored and where it is stored, as well as the right to have it deleted. GDPR regulates the extent to which businesses have the right to request and store personal information, and the approach is generally restrictive. A special section covers personal data in labor law, where the basic rule is that data may only be stored if it is relevant to running and developing the business. We would like to assure you that we at Heartpace will provide all our customers and users with a service that is in compliance with GDPR.
These are subject to the legislation
The legislation specifically addresses third party data activities, for example, where authorities work with personal data, such as various forms of marketing and sales organizations, etc. It also encompasses what happens in almost all operations, such as managing various types of employee conversations stored, such as payroll, evaluations, and competence data. This is where Heartpace comes into the picture. The new law implies a much stricter approach, with substantial fines if you violate the law. Responsibility for compliance rests with the board and CEO and cannot be delegated!
The roles - those who handle data
The person working with the data is called the Data Controller. If the data that you are working with is stored with another party, for example on a web host, with an external server provider, or in a cloud service, that party is called the Personal Data Adviser. In our relation, Heartpace is the Personal Data Adviser. The legislation stipulates the obligations of each party. It is also important that an agreement is signed that governs the cooperation between a Data Controller and a Personal Data Adviser. Here it is very important to work with a Personal Data Adviser that complies with the law, with the correct encryption level and security for login and storage, and that keeps all data within the EU. Here is the place to mention again that Heartpace lives up to all obligations, and that we always sign an agreement with our clients regulating our services.
You need system support for processes
You should move the processes that you handle today with Word and Excel to a new solution. Complying with the legislation that way will be very difficult without an insurmountable amount of work. Nor is it possible to avoid the rules by keeping your processes in 'paper format', because the new legislation also covers items stored in boxes and cabinets. The law requires that all data be kept safe but, above all, that you be able to explain and demonstrate how the collection, storage and even clearing process works. That is not compatible with a solution where documents are stored in different folders, on different computers, in boxes, mailboxes and elsewhere, which is commonplace today. If you have such a process, it is very important to start acting. The legislation requires IT to be based on the principle of "Privacy by design" in order to comply with the legal requirement. Again, Heartpace fulfills the requirements.
You are welcome to contact us and we will assist you with your questions. You can also contact your own DPO, Data Protection Officer. For every client relation, Heartpace has listed the DPO in your account. You will find it under your personal settings when you are logged in.
If you wish, you can access the Data Protection Regulation in its entirety.