The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018.
The regulation will affect any company that handles personally identifiable data (PID) of EU citizens. Simply put, if your organization has EU citizen employees and customers, this regulation will apply to you, no matter where your current business or entity is based.
The regulation means significant changes in the way organizations collect, report and handle PID. The more important details of the legislation are easy to understand and implement, such as the need for:
- An entity to have a Data Protection Officer.
- A mechanism to provide EU citizens with a thorough report on the data companies hold on them.
- A way for EU citizens to invoke the right to be forgotten or not forgotten.
- Data leakage to be reported to the jurisdictional (local) enforcing authority within 72 hours.
However, each organization is free to decide how to deliver on these requirements. But where should we start?
Fortunately, there is a solution that can help your business: the Chronos Workflow Platform (CWP). This solution plays an important role in helping companies comply with the EU Data Protection rules by automating your business processes and the reports within them.
Chronos Workflow is GDPR Ready
Protect your business by adding legal consent for fields and documents that handle personal data.
GDPR obliges your company to collect data only for “specified, explicit and legitimate purposes.”
GDPR requires you to ask for consent when you want to process data like an employee's name, personal tax ID number, email address, disability information, cultural, genetic or biometric information, or information gathered for a background check or SEO surveys.
In these cases, you must ask for consent in a clear and intelligible way and provide employees / customers with clear instructions on how to withdraw their consent should they wish to.
Therefore, when you use a process / document management system that processes personal data, you also need to add the consent category for fields. CWP covers this by adding consent for process fields and documents.
Find all personal data by custom reports.
Under the "Right of Access by a data subject" rule (Article 15 - GDPR), EU customers or employees will have the right to request all digital data you hold on them. Digital data means documents and also process fields that include or may include such data. Your business will have to supply it, in its original format and within a month.
Retrieving such data from several systems that use personal data will take countless employee hours, with a chance that some information will be missed. However, Chronos Workflow can recognize and list the field values and documents that include or may include the sensitive personal data you are looking for.
Irreversibly delete (de-personalize) data without a negative impact on vital business processes.
First, find all places where you keep personal data (you must have done this during your data audit too) and establish a process to delete data from all places. When EU customers or employees ask your company to 'forget' sensitive data that you are still obliged to store under a specific law, you can keep such data but must refer to the legal purpose.
Once you report personal data in CWP, you can also see why (the legitimate purpose) and how long the data is stored, so you may reject the deletion.
However, your employees or even job candidates may also request to keep or change specific data. For this purpose, simply report and find all places where you keep personal data within CWP, and you can easily update data on request while such field changes are recorded.
CWP Function Arsenal at Your Service
The platform has been thoroughly reviewed to be GDPR compliant for data protection purposes from May 25, 2018.
Self-service, ad-hoc reporting mechanism.
Automated Data Privacy
Request a Demo
Look at how the Chronos Workflow Platform (CWP) can automate processes and give your business the functions to deliver a GDPR-compliant response to internal data handling and public (external) Data Handling Access Requests from May 2018.
Compliance means lower risk of data leakage, fines and sanctions. It also increases the ability of highly regulated industries to be compliant with processes, including their ability to show enforcing bodies that business processes are adequately documented and reportable, and that version history and audit trails are standard functions.