What should you do to be GDPR-ready?
The European Union has taken a monumental step in protecting the fundamental right to privacy for every EU resident with the General Data Protection Regulation (GDPR) which will be effective from May 25, 2018. Simply put, EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data. Claire is well aware of its role in providing the right tools and processes to support its users and customers meet their GDPR mandates.
At Claire, we have always honored our users’ right to data privacy and protection. We have never relied on advertising as a revenue stream. We have never served ads to our users. This means that we have no necessity to collect and process users’ personal information beyond what is required for the functioning of our products. We already have strong Data Processing Agreements, and we are revising them to meet the requirements of the GDPR. Claire Corporation participates in and has its compliance with the EU-U.S. Privacy Shield Framework. We recognize that the GDPR will help us move towards the highest standards of operations in protecting customer data.
How is Claire preparing for GDPR?
With a cloud application used by 2000+ users across 4 countries, Claire is gearing up to be GDPR compliant across all of its application, by the time the regulation comes into effect. As a data processor, Claire understands its obligation to help customers get ready for the big day. We have thoroughly analyzed GDPR requirements and have put in place a website where you can find all the information you need. Some of our ongoing initiatives are:
- Identifying personal data – providing a roadmap for compliance in the days leading up to implementation.
- Providing visibility and transparency – The most important aspect of GDPR is how the collected data is used. As a data processor, Claire’s key role is to provide our customers (the data controllers) with the access to effectively manage and protect their user data. Claire is exploring ways to make optimal product enhancements without compromising on performance so that we can provide better transparency to our customers.
- Enhancing data integrity and security – As our customers tighten their data security measures, Claire would like to extend a helping hand. We’re streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security.
- Portability and transferability of data – GDPR gives end users the right to either receive all the data provided and processed by the controller or transfer it to another controller depending on technical feasibility. With this new right in mind, Claire is working on further enhancing its data exporting capabilities to enable export even at the individual level.
What does this mean for our customers?
We understand that meeting the GDPR requirements will take a lot of time and effort. And as your partner, we want to help you make your process as seamless as possible, so that you don’t have to worry about compliance and can focus more on running your business. Some of our product enhancements are about to make it easier for you to:
- Provide access controls
- Encrypt, anonymize or delete user data
- Perform data audits or assessments using data processing logs
- Create provisions for data subjects rights
- Enhance security for user data
What should you do to be GDPR-ready?
If you are just getting started with GDPR compliance in your organization, here’s a quick to-do list to keep in mind.
- Create a data privacy team to oversee GDPR activities and raise awareness
- Review current security and privacy processes in place & where applicable, revise your contracts with third parties & customers to meet the requirements of the GDPR
- Identify the Personally Identifiable Information (PII)/Personal data that is being collected
- Analyze how this information is being processed, stored, retained and deleted
- Assess the third parties with whom you disclose data
- Establish procedures to respond to data subjects when they exercise their rights
- Establish & conduct Privacy Impact Assessment (PIA)
- Create processes for data breach notification activities
- Continuous employee awareness is vital to ensure continual compliance to the GDPR
Claire – Customer – Customer data and GDPR
Claire is a Data Processor it means that we process / store data that we receive from your systems or manual put into or systems by You the Data Controller
Data we process: We receive and store Personal data from your customers as Name, Title or Gender, email, Phone nr, adres. – General Car and Workorder information.
Data WE DO NOT Process: or store Special personal information like, religion, way of life, race, political art, health, personal financial situation, social security nr.
Claire will not share or deliver data with other companies without your permission, except for the company’s we use to process and store or data as provided into this document.
Claire is using Google Cloud Services and is GDPR compliant. We store data in Google datacenters in Belgium and The Nederlands. https://cloud.google.com/security/gdpr/ We use zoho analytics and Google analytics to analyse the use of or software and build reports for the Controller. V20180520.01