The General Data Protection Regulation, or GDPR, came into effect on May 25th, 2018. European Union (EU) countries enforced a new regulation that is set to be more fit for the digital age. GDPR changes the way organizations handle customer information giving people more control over their data. All organizations, including international organizations, which do business in EU countries must comply with a new set of rules related to the protection of personal data.
Why is GDPR Important to Us
As a leading provider of security workforce management solutions, protection is part of our DNA, and our team is prepared and devoted to helping customers comply with the new regulations. Trackforce partners with EU-based multinational companies that in light of GDPR, are mandated to only work with data processors that are compliant with GDPR data protection standards (visit our GDPR handbook for more details). We have made all the necessary enhancements to our products and documentation to ensure compliance with the GDPR.
Being GDPR Compliant Benefits Everyone Not Just EU Customers
The recent misuse of personal data by Facebook and data breaches by companies such as Deloitte, DocuSign, and many others has made dealing with personal data more sensitive than ever. It can take a company a long time to notify users that their information has been compromised. Under new regulations, this is going to change. Data officers will have to inform the authorities, should an incident occur, no later than 72 hours after becoming aware of it. With cyber security threats being as high as they are, being GDPR compliant is going to be a major plus. GDPR compliance is recognized as a certification ensuring the highest level of data privacy & security. It is particularly important for security end users such as healthcare organizations and others dealing with sensitive data.
For now, only our EU clients will have to set up GDPR parameters inside Trackforce applications. However, all of our clients will benefit from our GDPR-compliant legal documents, including Privacy Policy, Data Processing Agreements and Terms of Service (you can find all documents here). Additionally, we are going to work with GDPR compliant suppliers only.
GDPR vs. North American Data Regulations
Being GDPR compliant is a significant investment from legal counsel, employee training to engineering resources. While Trackforce put all the measures in place to be compliant, many US and Canada-based security workforce management providers won't be compliant. Here is just an example of how North American and EU privacy regulations are different now with GDPR in effect:
- Companies in the U.S. who have been the target of a data breach have up to 30 days to notify those who have been affected. As previously mentioned, EU companies will have up to 72 hours to send out notifications from the time they became aware of the breach.
- Regarding what the notification letters should say, U.S. data regulations have vague specifications on what companies can and shouldn't say. The GDPR will do things a bit different. Data-breach letters will specify the nature of the compromised data categories, the total number of those affected, the company's DPO, and provide further information.
- Under new E.U. regulations, individuals have to actively opt-in for each way in which their data is being used and their consent needs to be documented. The consent must specifically relate to what the data is used for. In the U.S., data protection laws aren't non-existent but are rather vague and aren't as stringent as those in the E.U.
For any questions or concerns, please contact our Data Protection Officer (DPO) at dpo@trakforce.com.
Guirchaume Abitbol
CEO Trackforce