Our commitment to support GDPR compliance
On May 25, 2018, a European privacy law, the General Data Protection Regulation (GDPR), will take effect. The GDPR imposes new rules on companies and organizations that offer goods and services to people in the European Union (EU) or that collect and analyze data tied to EU residents. Read this article to discover how kopilot will help you to meet the upcoming GDPR requirements.
Processor or Controller?
GDPR article 4 makes a clear distinction between the data controller, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”, and the data processor, “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”.
kopilot has both roles. We are the controller when managing the data of our own employees, clients and contacts. We are the processor in relation to your data: our platform facilitates the reporting and may refer to clients, users and contacts, yet we do not control the data you choose to manage. As a data processor we provide the tools that help you achieve GDPR compliance.
How kopilot helps you to become GDPR compliant
As a data processor we provide tools for and assistance to our clients to become GDPR compliant:
- Our role as a data processor and linked responsibilities are described in our data processing agreement.
- We have data processing agreements in place with our subcontractors to ensure they will respect our obligations as a data processor.
- We continuously invest in technical and organisational measures to safeguard the safety and reliability of our platform.
- Our internal policies and procedures have been updated in order to comply with the different obligations under GDPR.
- We added extra functions in kopilot to facilitate GDPR compliance (e.g. when deleting an account, there is the option to hard-delete the record from our systems).
It is important to note that it is your responsibility to respect GDPR guidelines as a data controller. Keep the following principles in mind as you and your team prepare:
- Personal data collected needs to be processed in a fair, legal, and transparent way. It should not be used in any way that a person would not reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with that purpose. Organizations must specify why they need the personal data when they collect it.
- Personal data held needs to be kept up-to-date and accurate. It should be held no longer than necessary to fulfill its purpose.
- EU citizens have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization without hindrance.
- All personal data needs to be kept safe and secure, and companies undertaking certain types of activities are now required to appoint a data protection officer (DPO).
More information is available at https://gdpr-info.eu/. We advise you to contact a lawyer should you have specific questions about your obligations under the GDPR.
If we can help with any kopilot-specific question on GDPR, or any other compliance project, feel free to contact our support desk.
Safeguarding the security of your data and ensuring compliance is an important part of our mission. We continue to invest effort and resources in improvements in this area.