Wandsoft, the General Data Protection Regulation, the Data Protection Act 2018 and SI336
The General Data Protection Regulation (GDPR) is a piece of legislation designed to strengthen and unify data protection laws for all individuals within the European Union. It became effective and enforceable since 25th May 2018. It was added to Irish law through the Data Potection Act 2018. SI 226 implements the e-Privacy directive.
Wandsoft is fully committed to achieving compliance with the GDPR, the DPA 2018 and SI 336..
What has Wandsoft been doing about the GDPR?
As a responsible data-processor, we started to dedicate internal resources to the GDPR in April 2017, and here is an outline of the status:
- We researched the areas of our product and our business impacted by GDPR;
- We have reviewed the requirements to address the areas of our product impacted by GDPR;
- Our data-centres are located in Ireland, so our clients are not impacted by data leaving the EU while using Wandsoft CRM;
- We have internal procedures and training in place to minimise our access to our clients data;
- We have built-in functionality so our clients can monitor our access to their CRM during maintenance;
- We are security conscious and we use encryption on most processes;
- We have modified our built-in documentation and added a number of notices within the system to start training our clients;
- We have reviewed data-controllers/data-processor contracts;
- We have made changes and improvements to our product to ease our clients' GDPR related workload;
- We have made changes to our internal processes and procedures to achieve and maintain compliance with GDPR;
- We have reviewed contracts and security arrangments with our data-centers;
- We are preparing a breach communication procedure;
- We will test all of our changes to verify and validate compliance with GDPR;
- We removed the use of Google Analystics and monitor traffic through our own Analytics solution.
What changes have been made to the Wandsoft solution to asssit GDPR Compliance?
Our clients can tailor how they request consent.
We added a series of screens and functionality to address retention periods, requests from your customers related to their rights for accessing any personal data that might stored in your Wandsoft CRM.
We added functionality to be more transparent about the maintenance work carried out by Wandsoft.
We created a new product www.bizoneo.eu to assist your organisation in documenting your GDPR compliance:
- Audit of all IT assets with indication as to whether assets are encrypted
- Management of staff and contractor
- Training management so you prove your staff was trained for data potection;
- Asset allocation so you know who is using what and ensure data is encrypted
- Full data audit
- Privacy impact assessment (threat analysis and business impact)
- Register to log request for information (DSAR) and any GDPR impact
- Document management for procedures and policies