From 25/05/2018, COSERVIT, as a company processing the personal data of European citizens, is subject to the GDPR (General Data Protection Regulation).
This term is probably familiar to you, but do you know its implications in detail?
Here is a quick summary:
- Stronger rights concerning your personal data
- Transparency on data use and purpose
- Obligations on the data holder, such as keeping a record of use, auditing of use, legality and purpose
- “By default” and “by design” measures: guaranteeing, by default, respect for the rights related to personal data, through the design of our processes and products.
At COSERVIT, we did not wait until 25/05 to make your personal data a priority, and some measures are already in place, while others are being finalized.
Of course, the work of compliance does not stop at 25/05, and will be continuously “challenged” with each new process and with each new feature.
Here’s how we ensure the protection of your personal data, and that of your customers:
At Organisation level
- A Data Protection Officer (DPO), single point of contact for all requests and questions: Florian MATTES / firstname.lastname@example.org
- Internal procedures to respond to requests as quickly and fully as possible
- Systematic logging of consent (or withdrawal), concerning commercial communication (prospecting) and marketing and mass emailing, within our CRM tools
- Rigorous monitoring of the compliance of our suppliers and subcontractors, and the drafting of amendments as necessary
- Total transparency on the purposes of each data collection, in particular that collected via our website
- Raising awareness among our teams and establishing a “culture of personal data” through best-practice guides
- Keeping records of use, requests and violations
- IT security measures
  - Strong password policy as standard on internal tools
  - Tight access restriction to the bare minimum on critical resources
  - Other non-disclosure measures
At Product level
- Standard encryption of sensitive data
- In version 3.17, it will be possible to enter a legal notice text related to data use, as well as a link to the GDPR policy (hosted on your website for example). This text will appear on the login screen.
- LeadSeed – developments under consideration
- GDPR administration module, to respond to the requests of your customers and prospects
- Exercise of rights
- Withdrawal of consent
- Consultation / Portability
- Suppression by anonymisation
- Block of text + URL (similar to ServiceNav) for the legal notices related to the use of data
- On the questionnaires
- Systematic obtaining of consent
- Security: The LeadSeed platform was successfully audited by one of our large account customers in March 2018, and the audit revealed no vulnerabilities.
And you... are you GDPR ready?
Evaluate your level of compliance with our Self Assessment!