The EU General Data Protection Regulation
What does the General Data Protection Regulation mean for TimePlan’s customers?
The much-discussed EU General Data Protection Regulation (GDPR) became effective on 25th May, 2018. Here is an overview of what the new rules will mean to you as a TimePlan customer, and how TimePlan Software A/S is affected by them.
TimePlan Software A/S is working with staff administrative data. Therefore, we focus only on personal data relating to payroll and human resource tasks, although the EU GDPR contains many other aspects.
We have made an overview of the most important questions and answers regarding data processing agreements, data storage and data access for TimePlan Software’s customers.
Questions and answers
1. What are the biggest and most important changes in personnel management with the EU GDPR?
The new EU GDPR contains significant new requirements for documentation when it comes to the processing of personal data and an underlying expectation of increased accountability when dealing with personal data. Some of the main points are new documentation requirements, insights, data processing agreements and employee training. As a company, we must be able to document that personal data is processed legally and stored securely, including where, how and why we store personal data and who has access to the data.
TimePlan Software A/S works in collaboration with our customers own internal handling processes, ensuring that the data is securely stored with restricted access. Employees that require access to the data will be allocated unique user credentials that are password protected.
2. Does TimePlan Software meet the requirements of the EU GDPR?
We will have all the necessary documentation in place prior to the regulation becoming effective on the 25th May, 2018. Today, TimePlan Software A/S is compliant with the requirements of the current data protection regulation in Denmark. Right now, we are working on implementing the EU GDPR in all areas of our organisation, ensuring that IT systems, IT processes and supplier agreements meet the demands of this regulation. Our accreditation to ISAE 3402 will further enhance and exceed these standard requirements, where our internal processes will be audited annually by an external security consultant.
3. Where does TimePlan Software A/S store customer’s personal data?
Depending on the specific agreement with the individual customer, we store our customer’s personal data in Denmark.
4. Who has access to TimePlan customer’s personal data?
Only the relevant employees at TimePlan Software A/S have access to TimePlan customers’ personal data. Our employees are trained and understand the sensitivity of processing personal data and are, of course, subject to professional confidentiality. Access to data is on a ‘need to know’ basis and only in connection with the agreement between us and the customer for support, maintenance and updating purposes.
5. What changes will be made in TimePlan as a result of the new Personal Data Regulation?
Based on the new regulation the following changes have been applied in TimePlan prior to 1 May 2018:
1. Enhanced User Password Management.
2. Encryption of fields in the database, if these are marked as personal.
3. Ability to delete data based on selected criteria.
4. Report of rights profiles.
5. User Rights Report.
6. Managing personal fields on printouts.
6. As a TimePlan customer, do I automatically receive a new data processing agreement?
Yes. Our team has prepared up-to-date data processing agreements, which all our customers receive before the GDPR becomes effective. The new data processing agreements will comply with all the requirements of the EU GDPR so that you have the required documentation in place should you ever need validation from an external authority.
To ensure optimal and documentable compliance with the necessary technical and organizational security measures, an incorporated and validated stringency is required. We ensure this by using our own agreement and an ISAE 3402 statement, so that you as a customer know that our employees truly comply with the standards. It can thus be documented and linked to your company’s own compliance with the regulatory framework.
7. Which version of TimePlan contains the latest GDPR changes?
TimePlan version 7, which is the latest operating version, automatically contains the latest GDPR changes. If you, as a TimePlan customer, have not already upgraded to version 7, this is one of the advantages of doing so.
8. What should I do right now with regards to my cooperation with TimePlan Software?
Nothing. All customers and collaborators will automatically receive new data processing agreements from us. Therefore, you do not have to prepare or submit updated data processing agreements to us – we will contact you in ample time before the regulation becomes effective.
Do you have other questions regarding the EU GDPR and TimePlan?
Then please contact TimePlan consultant Ulrik Willumsgaard, telephone +45 9840 2020 or firstname.lastname@example.org.