General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is one of the biggest changes ever regarding how personal data should be processed, and it has been an issue on the agenda.
What is the purpose?
Harmonization of European regulations on the protection of personal data; updating of the legislation applicable to personal data protection, adopted more than 20 years before the widespread use of the Internet; and strengthening the rights of citizens, the data owners.
What influence does it have in my company/business?
The GDPR has an impact on all companies that are in, or are acting in, the European Union, and on the processes of all their departments, regardless of their size or turnover.
Your business will have to ensure more efficient security policies and protection of personal data, prevent misuse, and give data owners all the necessary mechanisms to control their data, in order to achieve full compliance with the GDPR.
What are the basic principles of the GDPR?
The GDPR defines a set of concepts and obligations that broadly translate into 4 basic principles. Companies are obliged to answer the following questions, and to prove their answers, in order to demonstrate responsibility and compliance with the regulation:
- Why do we have personal data?
  - Execution of a contract?
  - Legal obligation?
  - Vital interests of the data owner?
  - Public interest?
  - Consent?
- Who has access to personal data?
  - Human Resources Staff?
  - Billing Staff?
  - Accounting Staff?
  - Quality Staff?
  - HST Staff?
- How long do we retain personal data?
  - Invoicing: 10 years?
  - Curriculum: 1 year?
  - Medical Fitness Certificate: 5 years?
  - CCTV: 30 days?
- How do we ensure data security?
  - How do we access and update the data?
  - Do we have physical/digital controls?
  - How safe and secure are the data?
  - How do we react to failure?
  - How do we detect intruders?
What if I do not comply?
The GDPR is a regulation that becomes mandatory from 25 May 2018. Non-compliance with the Regulation as of this date may incur fines up to EUR 20 million or, if higher, up to 4% of the volume of the company's global business.
More than a technological change, AN IMPROVEMENT OF BEHAVIORS!
Technology plays an important role in streamlining data protection, automating processes and helping to increase data control, reducing risk and ensuring compliance with legal requirements.
However, it is critical that companies realize that the success of the technology implementation under the GDPR depends essentially on processes, people and their behaviors.
Much more than a simple change of procedures performed in software, this regulation defines procedures and good practices for companies with regard to the collection and processing of the personal data of their customers, suppliers and employees.
While software is an important tool in this process, the focus should be on changes in management processes. Therefore, each company must analyze and review its internal procedures and understand what personal data it has collected and how that data is treated.
role?
Our commitment is to ensure the confidentiality of personal data (yours and that of third parties, i.e. your customers); to inform you about third parties that may have access to the data; and to inform you if undue access is detected.
WeoInvoice has implemented in all of its plans a set of changes that will help it fulfill its obligations under the GDPR, such as:
- identify fields likely to contain personal data
- forget the personal data owner
- portability of the personal data owner
- set permission to contact the personal data owner
- user profile without access to personal data and limited search
- security of the connection between the client and the server
- data security and encryption
- login and access protection
- weoInvoice privacy policy update
- clear indication of the purpose of the data and its treatment
- use of registration data for defined and agreed purposes
In addition, a new module was created, the
This tool allows those responsible for the processing of personal data to register, execute, control, monitor, document and audit all obligations under the GDPR.
It aims to ensure that all principles relating to the processing of personal data are safeguarded and dealt with in accordance with the Regulation, and to ensure the rights of owners with regard to their data in relation to the entity responsible for their processing.
The module implements the following GDPR compliance steps:
1. Know the Regulation and its timings
2. Designate a data controller
3. Inventory data processing processes
4. Define and manage risk on personal data
5. Prioritize actions to be taken
6. Perform internal processes
7. Create protective measures
8. Create Compliance documentation