Altec supports and complies with the GDPR.
Passed in 2016, the new General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. Effective May 25, 2018, the GDPR seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. It will replace the EU Data Protection Directive and all the local laws relating to it.
This new regulation broadly affects all organizations, government agencies, and companies throughout the world that collect or use personal data tied to EU residents. It affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA). Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry.
Data Security
Organizations must implement an appropriate level of security—encompassing both technical and organizational security controls—to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate encryption, incident management, network and system integrity, and availability and resilience requirements into their security program.
Extended Rights of Individuals
Individuals have greater control—and ultimately greater ownership of—their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.
Documentation and Security Audits
Organizations will be expected to: document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures, where appropriate.
Data Breach Notification
The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.
Key GDPR Requirements for SaaS Customers
As the new GDPR requirements become a reality, organizations using cloud applications worldwide should be aware of their data privacy and security needs relating to their collection and handling of personal information.
Here are four key requirements:
Data Security – Organizations must implement an appropriate level of security—encompassing both technical and organizational security controls—to prevent data loss, information leaks, or other unauthorized data processing operations. GDPR encourages companies to incorporate encryption, incident management, network and system integrity, and availability and resilience requirements into their security program.
Extended Rights of Individuals – Individuals have greater control—and ultimately greater ownership of—their own data. They also have an extended set of data protection rights, including the right to data portability and the right to be forgotten.
Documentation and Security Audits – Organizations will be expected to: document and maintain records of their security practices, audit the effectiveness of their security programs, and take corrective measures, where appropriate
Data Breach Notification – The GDPR has specific requirements about when and how cloud customers have to announce a personal data breach to their regulators and/or impacted individuals.
How Does DocLink Comply With GDPR
We all have an interest in protecting private personal data along with confidential business information. See below for how Beyond Limits is complying with the GDPR in regards to it document management solution DocLink:
Ability to delete a record that contains personal data
Security of documents and metadata
Robust security and rules of reporting/action if data is breached
1. Ability to delete a record that contains personal data.
Once a document is located it can be deleted from DocLink. The image and all associated metadata are deleted permanently.
2. Security of documents and metadata.
Data is encrypted during transfer using TLS.
3. Robust security and rules of reporting/action if data is breached.
Document actions in DocLink can be audited to determine if/when changes are made or documents are accessed (based on configuration). It is up to the tenant/customer to define their internal processes.