What is the General Data Protection Regulation?
Did you hear the news? The General Data Protection Regulation (GDPR) is on its way. At inQdo we immediately started preparing for this new regulation. Are you curious about what the GDPR is and what inQdo is doing to protect personal data? We’ve got the answers you’re looking for.
By: Martijn de Lange
What is the GDPR?
GDPR is an abbreviation for General Data Protection Regulation. This regulation aims to protect the personal data of European Union residents. The EU already has a law on the protection of personal data, the Data Protection Directive, on which the Dutch law, the Wet bescherming persoonsgegevens (Wbp), is based.
As of May 25th 2018 the GDPR will apply in the EU and the Dutch Wbp will no longer be an obligation in the Netherlands. The processing of personal data according to the GDPR may only be done when consent is reached, which could be based on either:
- consent given by the data subject
- legal grounds
- by contract
All of this should be ready for existing and new processing before May 25th 2018, when the supervisory authority is authorized to issue a fine of up to 20,000,000 euro or 4% of the annual revenue.
How is inQdo dealing with the GDPR?
Since inQdo has many contracts in which personal data is involved, some obligations apply. Some of these are:
- recording the processing of personal data in a record of processing activities
- notifying the controller and, if necessary, the supervisory authority when a data breach occurs
- appointing a Data Protection Officer (DPO)
How do we guarantee privacy?
Besides the obligations from the GDPR, some best practices are given to guarantee privacy. These best practices apply at inQdo as well, in line with the priority that inQdo tries to give to security and privacy.
This is reflected in the Dev/Ops teams for both integration and AWS, where the privacy by design and by default principle applies. This means that at every step in the process, the security of personal data is at the required level, with confidentiality, integrity and availability taken into account.
Also, the platforms inQdo uses are updated by the Dev/Ops team to the latest stable version. The support consultants help protect personal data as well, through daily checks on the platform, careful monitoring of incidents and, where possible, solving incidents on their own. The support consultants are actively involved in keeping the systems operational with the maximum uptime requested.
ISAE 3402 type II certified
inQdo has been ISAE 3402 type II certified since 2016 and recently started on the ISO 27001 certification. The policies that are defined in the ISO 27001 on privacy are in line with the GDPR.
Photo: Jason Blackeye