The EU General Data Protection Regulation (GDPR) came into force on May 25, 2018.

The regulation will affect any companies that handles personal data of EU citizens. Simply saying, if your organization that has EU citizen employees and customers, this regulation will apply to you - no matter where your current business or entity is based.

The regulation means significant changes in the way organizations collect, report and handle such sensitive dat. More important legislation details that are easy to understand and implement, such as the need for:

• Entity to have a Data Protection Officer.
• A mechanism to provide EU Citizens with a throughout report on data companies hold on them. 
• Providing a way of EU Citizens to invoke the right to be forgotten or not forgotten.
• Data leakage to be reported to the jurisdictional (local) enforcing authority within 72 hours.

However, each organization has a free right about how to deliver on these requirements, but where should we start? 

Fortunately, there is a solution that can help your business - called Chronos Workflow Platform (CWP). This solution plays an important role in helping companies to comply with this EU legistlation while you manage business processes even on paper including several personal data and moreover automate and streamline any of it.

Chronos Workflow is GDPR Ready

Protect your business by adding legal consent for fields and documents those handling personal data. 

GDPR obliges your company to collect data only for “specified, explicit and legitimate purposes.” 

GDPR requires you to ask for consent when you want to process data like an employee's name, personal tax ID number, SS number, email address, disability information, cultural, genetic or biometric information or even information gathered for background check or SEO surveys.

In these cases, you must ask for consent in a clear and intelligible way and provide employees / customers with clear instructions on how to withdraw their consent should they wish to.

Therefore, when you use a process / document management system processing personal data, you also need to add the consent category for fields. CWP covers such feature by the function of adding consent for process fields and documents.

Find all personal data by custom reports. 

EU customers or employees will have the "Right of Access by a data subject" rule (Article 15 - GDPR) to request all digital data you hold on them. Paper but mostly digital data means documents and also process fields include or may include such data. Your business will have to supply it, in its original format and within a month. 

Retrieving such data from several systems that use personal data will take countless employee hours with a chance that some information will be missed. However, Chronos Workflow can recognize field values and documents including or may include sensitive personal data you are looking for to be listed. 

Irreversibly delete (de-personalize) data without a negative impact on vital business processes.

First, find all places where you keep personal data (you must have done this during your data audit too) and establish a process to delete data from all places. When EU customers or employees ask your company to 'forget' their sensitive data that you are still obliged to store due to specific law then you can keep such data but must refer to the legal purpose.

Once you report personal data in CWP then you can also see why (the legitime purpose) and how long the data is stored, so you may reject the deletation.

However, your employees or even job candidates may also request to keep or change specific data. For this purpose, simply report and easily find all places where you keep personal data within CWP and you can easily update data on request while such field changes are recorded.

CWP Function Arsenal at Your Service

The platform has been througly customized to be GDPR compliant for data protection purposes from May/25/ 2018.