Difference between revisions of "General Data Protection Regulation (GDPR)"

From SmartWiki
Line 27: Line 27:
  
 
||
 
||
* (5)(2) Accountability
+
* [https://gdpr-info.eu/art-5-gdpr/ (5)(2) Accountability]
  
 
|-
 
|-
Line 36: Line 36:
 
This feature will allow you to tailor highly specific security and data retention policies to different classes of data. You are able to apply any number of policies to a category.
 
This feature will allow you to tailor highly specific security and data retention policies to different classes of data. You are able to apply any number of policies to a category.
  
||  
+
||
 
* [https://gdpr-info.eu/art-30-gdpr/ (30)(1)(e) Categories of Personal Data]
 
* [https://gdpr-info.eu/art-30-gdpr/ (30)(1)(e) Categories of Personal Data]
 
* [https://gdpr-info.eu/art-25-gdpr/ (25)(2) Technical and Organisational Measures; demonstration of purpose]
 
* [https://gdpr-info.eu/art-25-gdpr/ (25)(2) Technical and Organisational Measures; demonstration of purpose]
Line 43: Line 43:
 
||'''Data Retention Policies'''
 
||'''Data Retention Policies'''
 
||A data retention policy defines how ''long'' your organization will need to retain the data of this category in the system before it is erased. A data retention policy can be placed on any field in the system, and the erasure will be completely automated. Retention is based on the number of months or days after a specific date.
 
||A data retention policy defines how ''long'' your organization will need to retain the data of this category in the system before it is erased. A data retention policy can be placed on any field in the system, and the erasure will be completely automated. Retention is based on the number of months or days after a specific date.
||  
+
||
 
* (5)(1)(e) Storage Limitation
 
* (5)(1)(e) Storage Limitation
* (5)(1)(b) Purpose Limitation  
+
* (5)(1)(b) Purpose Limitation
  
 
|-
 
|-
|| '''Data Security Policies'''  
+
||'''Data Security Policies'''
 
||
 
||
 
A data security policy defines who can see and/or modify the data of this category in the system.
 
A data security policy defines who can see and/or modify the data of this category in the system.
  
Security policies support [[SmartSimple]]'s [[Role Based Security|role-based security]]. We can configure your security policies to help you achieve the principle of '''principle limitation''' and '''integrity and confidentiality''' by ensuring that only those who need to access data for legitimate, specified purposes will be allowed to do so.  
+
Security policies support [[SmartSimple]]'s [[Role Based Security|role-based security]]. We can configure your security policies to help you achieve the principle of '''principle limitation''' and '''integrity and confidentiality''' by ensuring that only those who need to access data for legitimate, specified purposes will be allowed to do so.
  
||  
+
||
 
* (5)(1)(b) Purpose Limitation
 
* (5)(1)(b) Purpose Limitation
 
* (5)(1)(f) Integrity and Confidentiality
 
* (5)(1)(f) Integrity and Confidentiality
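Review bot: In the Data Security Policies cell, the revised line still reads "the principle of '''principle limitation'''", which names no principle cited in this row; the bullets that follow cite (5)(1)(b) Purpose Limitation, so the phrase should read '''purpose limitation'''. The Storage Limitation, Purpose Limitation and Integrity and Confidentiality bullets in this hunk are also left as plain text, while the Line 27 and Line 36 hunks use gdpr-info.eu links for their article references; linking these would keep the column consistent.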
Line 61: Line 61:
 
||'''Pseudonymization'''
 
||'''Pseudonymization'''
 
||
 
||
'''Pseudonymization''' allows you to mask personal data fields, so that the data you retain on an individual is rendered unidentifiable.  
+
'''Pseudonymization''' allows you to mask personal data fields, so that the data you retain on an individual is rendered unidentifiable.
  
 
Pseudonymization allows for a nuanced approach to data management. Deleting a entire [[Profile|profile]] and all the data associated with a person is often unnecessary and will create gaps in [[Reports|reports]]. Utilizing pseudonymization enables you to render specific [[Standard Fields|fields]] unidentifiable, retaining the effectiveness of long-term reporting while meeting data retention requirements.
 
Pseudonymization allows for a nuanced approach to data management. Deleting a entire [[Profile|profile]] and all the data associated with a person is often unnecessary and will create gaps in [[Reports|reports]]. Utilizing pseudonymization enables you to render specific [[Standard Fields|fields]] unidentifiable, retaining the effectiveness of long-term reporting while meeting data retention requirements.
  
||  
+
||
 
* (5)(1)(e) Storage Limitation
 
* (5)(1)(e) Storage Limitation
 
* (5)(1)(f) Integrity and Confidentiality
 
* (5)(1)(f) Integrity and Confidentiality
 
* (5)(1)(b) Purpose Limitation
 
* (5)(1)(b) Purpose Limitation
 
|}
 
  
 
|}
 
|}
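Review bot: The second Pseudonymization paragraph still reads "Deleting a entire [[Profile|profile]]", which should be "an entire"; since this revision already touches the cell, fix it in the same edit. The three article bullets that close the row are plain text, unlike the linked references in the Line 27 and Line 36 hunks, so they should get the same gdpr-info.eu link treatment.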

Revision as of 11:23, 26 August 2019


Please note that this page is currently under construction. There is more information to come.


Overview

One of the largest aspects of SmartSimple's privacy configuration is our compliance with the General Data Protection Regulation (GDPR). The GDPR is a piece of EU legislation designed to protect the fundamental rights of citizens and their personal data. It ensures that people know where their private data is kept, and it requires organizations to be accountable and transparent in their practices.

EUGDPR.org lists the key changes brought about by the enforcement of the GDPR, which began on May 25, 2018. As a directly binding regulation, the GDPR stipulates that controllers of personal data must put in place appropriate technical and organizational measures to implement its data-protection principles.

This article describes which features and policies SmartSimple has implemented into our platform to help you comply with the GDPR.

Feature Descriptions and Requirements

Consent and Compliance Features

These features are geared towards managing your data subjects' consent, as well as managing your overall compliance.

Feature | Description | GDPR Regulation
Personal Data Field (Indicator)

This will indicate whether a field contains personal data and add a processing description.

This allows you to quickly differentiate between personal and non-personal data fields, and allows internal and external users to view the description. Adding an indicator makes it easier to ensure that all personal data fields are accounted for when erasing personal data, adding policies, enabling pseudonymization, or searching/reporting.

Data Categories

Organize the data you collect into data categories such as Contact Data, Financial Data, and Highly Sensitive Data.

This feature will allow you to tailor highly specific security and data retention policies to different classes of data. You are able to apply any number of policies to a category.

Data Retention Policies

A data retention policy defines how long your organization will need to retain the data of this category in the system before it is erased. A data retention policy can be placed on any field in the system, and the erasure will be completely automated. Retention is based on the number of months or days after a specific date.

  • (5)(1)(e) Storage Limitation
  • (5)(1)(b) Purpose Limitation
Data Security Policies

A data security policy defines who can see and/or modify the data of this category in the system.

Security policies support SmartSimple's role-based security. We can configure your security policies to help you achieve the principles of purpose limitation and integrity and confidentiality by ensuring that only those who need to access data for legitimate, specified purposes will be allowed to do so.

  • (5)(1)(b) Purpose Limitation
  • (5)(1)(f) Integrity and Confidentiality
Pseudonymization

Pseudonymization allows you to mask personal data fields, so that the data you retain on an individual is rendered unidentifiable.

Pseudonymization allows for a nuanced approach to data management. Deleting an entire profile and all the data associated with a person is often unnecessary and will create gaps in reports. Utilizing pseudonymization enables you to render specific fields unidentifiable, retaining the effectiveness of long-term reporting while meeting data retention requirements.

  • (5)(1)(e) Storage Limitation
  • (5)(1)(f) Integrity and Confidentiality
  • (5)(1)(b) Purpose Limitation
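
The following example is added here for illustration and is not SmartSimple's implementation or code from this page. It shows how per-category retention (months or days after a specific date) can drive either erasure or keyed pseudonymization of individual fields while non-personal reporting fields survive. The policy table, field mapping, anchor date and key are all hypothetical.

```python
import calendar
import hashlib
import hmac
from datetime import date, timedelta

# Hypothetical policy table: category -> (retention unit, amount, action).
POLICIES = {
    "Contact Data": ("months", 24, "pseudonymize"),
    "Financial Data": ("days", 90, "erase"),
}
# Hypothetical field -> category mapping (the personal data field indicator).
FIELD_CATEGORY = {"email": "Contact Data", "iban": "Financial Data"}


def add_months(start: date, months: int) -> date:
    """Add calendar months, clamping to the last day of the target month."""
    index = start.month - 1 + months
    year, month = start.year + index // 12, index % 12 + 1
    day = min(start.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def due_date(anchor: date, unit: str, amount: int) -> date:
    return add_months(anchor, amount) if unit == "months" else anchor + timedelta(days=amount)


def pseudonym(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 token: stable, so reports can still group on it, but
    it cannot be re-linked to a person without the separately stored key."""
    return "pseu_" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def apply_retention(record: dict, anchor: date, today: date, key: bytes) -> dict:
    """Return a copy of record with expired personal fields erased or masked."""
    result = dict(record)
    for field, category in FIELD_CATEGORY.items():
        value = result.get(field)
        if value is None or str(value).startswith("pseu_"):
            continue  # already erased or masked: keeps repeated runs idempotent
        unit, amount, action = POLICIES[category]
        if today >= due_date(anchor, unit, amount):
            result[field] = None if action == "erase" else pseudonym(value, key)
    return result


# Constructed sample record; the anchor is a hypothetical "profile closed" date.
SAMPLE = {"id": 7, "email": "ana@example.org", "iban": "DE00TEST", "grant_total": 5000}
KEY = b"constructed-demo-key"
```

The key is what separates pseudonymized data from anonymous data: whoever holds it can recompute tokens from candidate values, so it needs the same access restrictions as the original fields.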