On the 25th of May 2018 the new European General Data Protection Regulation (GDPR) will become effective.
GDPR is the most important change in data privacy regulation of the last 20 years. GDPR defines a comprehensive framework on how businesses collect, store, process and otherwise manipulate personal information of EU citizens and residents alike.
The Regulation applies to all organizations and covers every department that handles personal information. It does not exclude any kind of business, business sector, company size or government institution, so chances are it applies to your company as well.
Personal data is any kind of information that relates uniquely to a person (a "data subject" in GDPR jargon). In detail, the regulation defines as personal "any information related to a natural person or 'Data Subject', that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or even a computer IP address".
The regulation defines strict and unambiguous rules for the protection, authorized use and processing of private information, by specifying how data will be processed, and secured. Moreover, the regulation defines two important principles:
The principle of “transparency” for the collection, processing and storing of personal data, and
The principle of "accountability", according to which the legal entity (the company storing and/or processing personal data) is responsible for demonstrating compliance with the stipulations of the regulation.
Additionally, the GDPR directives require the following:
The Regulation requires appropriate technical and organizational measures for the secure processing of private information, limited to what is strictly necessary for the particular purpose.
The "data processor" and the "data controller" shall deploy appropriate technical and organizational measures in order to achieve adequate security of personal information.
Companies and organizations are required to inform the authorities and the data subjects as soon as they detect a breach of personal information, especially if that breach is potentially harmful.
The Data Processor must conduct a "Data Protection Impact Analysis", especially if the processing of personal information is systematic and large-scale, or entails a high risk for the rights of the data subjects.
From day one, SOFTONE has invested in data security by implementing rigorous data security mechanisms and procedures. Since 2014, SOFTONE has held EN ISO 27001 certification on Information Security Management from the TUV Austria certification body. Furthermore, SOFTONE closely collaborates with Microsoft, utilizing Azure Cloud Services. Microsoft is a leading vendor of cloud products and cloud security, operating a dedicated and certified emergency response team for security breaches.
SOFTONE ERP includes by design an array of security mechanisms and tools that guarantee data privacy, security and authorized access. These mechanisms enable the application administrator to define detailed security policies and grant access to personal data only to specific employees, in accordance with GDPR provisions.
Application Access through a username / password pair
Every application user has a unique username/password combination in order to access the application.
Configurable password lifetime and expiration policy
The application allows the configuration of password expiration timers, prompting the user for a change at specific intervals. If the user fails to renew the password, the application denies access.
Password complexity
The password complexity is configurable through the SOFTONE console.
Authorized access to classified information
Each user accesses data and information according to the authorization profile configured by the administrator.
Authorized access to lists and reports
Each user accesses lists and reports according to the authorization profile.
Group policy
Administrators can create user groups with specific pre-authorized data access privileges.
Logging
Ability to log all transactions performed on data.
Data Export
SOFTONE provides unique data export capabilities for authorized users in various formats, satisfying the GDPR stipulations for providing personal information to Data Subjects.
IP lock
The application allows access only via a predefined set of IP addresses.
SOFTONE applications come with an array of characteristics that simplify the company's effort to comply with GDPR. Moreover, SOFTONE Series 6 enables the company to automate the GDPR compliance procedures and offers unparalleled functionality and ease of use.
Ability to classify the application fields as private, sensitive or unclassified.
Ability to classify the application users according to their authorization to access personal information.
Ability to classify all custom fields (that are usually created in custom ERP implementations).
Personal data is displayed only to pre-authorized privileged users according to their clearance level.
Ability to erase or anonymize personal information while preserving database integrity.