The General Data Protection Regulation (GDPR) will apply as of 25 May 2018. This means that from that date onwards, the same privacy legislation applies throughout the European Union (EU). This law replaces current local law regarding Personal Data Protection and imposes stricter requirements on the way in which personal data are processed.
GDPR in short
Companies should have a legal basis for processing personal data. As a company you cannot simply store data or use it however you wish. In addition, personal data may not be kept longer than necessary for the purpose of the processing. GDPR therefore brings new obligations for companies, such as:
Most companies will have to modify their privacy statement. The privacy statement should at least include the following:
- Company details, contact information
- Data Protection Officer of your company
- Personal data your company processes
- Whether you process special and / or sensitive personal data
- For what purpose and on what basis you process personal data
- How long personal data is stored
- Sharing personal data with third parties
- Cookies, or similar techniques, that you use
- To view, modify or delete data
- How personal data is protected
In order to store personal data, you need permission from the person in question. And you have to record this permission! And note: this applies to both digital and offline communication. Customers are an exception. For example, when you send a digital newsletter to your customers, you do not need explicit permission from your customers. However, you are obliged to ensure that customers can easily unsubscribe from your newsletter.
Persons whose data you process have the right to access, modify and delete their personal data.
In addition, you are obliged to conclude a data processing agreement with all companies that process personal data for you. You as a customer of Qbil must also conclude a data processing agreement with Qbil. After all, personal data is processed in our software Qbil-Trade®. We will come back to this later in this newsletter.
In the event of a data breach, the Dutch Data Protection Authority needs to be notified immediately.
Do you fully comply with the GDPR?
Do you still not fully comply with the GDPR? Or do you not know exactly what you still have to do?
This site tells you step by step what you still need to do to comply with the GDPR:
And on this site you can easily generate a privacy statement:
What about Qbil Software & GDPR?
What have we done so far?
- We have extended and modified our privacy statement. You can find it on our website and in the news overview of Qbil-Trade®.
- We have drawn up a data leak protocol. This protocol is part of the data processing agreement that we will send you this week.
- We have a register for documenting any personal data leaks.
- We have concluded a data processing agreement with all our suppliers that process personal data for us. For example with Google Analytics, MailChimp, hosting companies but also with our accounting software supplier and the company that processes our payroll administration.
- We have compiled a record of processing activities.
Data Processing Agreement (DPA)? What is that?
Our Qbil-Trade® software processes personal data for contracts, deliveries, invoicing, etc. We are therefore a processor of personal data that you are responsible for. We are obliged to conclude a data processing agreement with you that specifies how we handle personal data. The agreement provides guarantees that the rights of persons are protected.
The main contact persons known to us will receive the data processing agreement by e-mail from Hikmet Once this week.
Questions about GDPR?
Do you have any questions? You can contact Martine van den Berg by phone on Tuesday, Wednesday and Thursday at +31 (0) 318 50 20 26.