GDPR

AB Tasty’s compliance plan before the GDPR is enforced

Security and compliance are our top priorities

At AB Tasty, our teams are informed and ready to act regarding the new European regulation concerning the protection of personal data.

Our commitment: actively work to ensure that our solution respects the entirety of the European regulation before the enforcement date in May 2018.

Data Protection
What’s going to change with the GDPR

On May 25th, 2018, a new regulation on personal data protection comes into force across the member states of the European Union: the General Data Protection Regulation (GDPR). Recently, a lot of information has been circulating on this subject. We thought it would be instructive to take a look at the principles of this new regulation.

GDPR, or the General Data Protection Regulation, is the new European legal text governing the protection of personal data. It reinforces and unifies data protection for individuals within the European Union.

All companies or organizations, whatever their country of origin, that collect or process the personal data of individuals in the European Union are affected by this new regulation. Third parties that process data on behalf of those companies, such as providers storing data online (cloud providers), are therefore also affected.

Starting from May 25th, 2018, companies and other organizations that do not respect these measures will be subject to the fines defined in the text.

Increased penalties: up to 20 million euros or 4% of worldwide annual turnover, whichever is higher.

The steps of our compliance plan

Because we are dedicated to respecting international laws and regulations, we are actively working on making our solution compliant with the new European regulation. As this legislation will be enforced in May 2018, we are currently preparing to be in full compliance by that date.

Below are the steps we have identified in order to be in complete conformity with the new European text:

Step 1

Designate a DPO

For many companies, it is necessary to appoint a Data Protection Officer (DPO), whose role is to inform and advise the organization and to monitor the compliance of its data processing.

Step 2

Name an internal committee

This internal committee brings together Technical, Data and Legal functions, and is in charge of implementation and compliance for AB Tasty regarding the measures of the new European regulation.

Step 3

Identify different data types

We are going to map out all of the personal data we hold that needs to be protected, classify it by type, and assess the level of sensitivity of each category.

Step 4

Put in place an internal process

Using the data map described above, we are going to reassess all of our processes for collecting personal data.

Step 5

Create a register of processing operations

The purpose of this register is to record and scrutinize all of our data collection and processing activities with regard to compliance with international laws and regulations.

Step 6

Update our contractual documents

We are going to update all of our commitments regarding data protection in accordance with the General Data Protection Regulation.

Step 7

Guarantee a high level of security

We continue to work every day to improve and strengthen our processes and systems to minimize the risk of a data breach as much as possible.

Step 8

Ensure we are part of a compliant ecosystem

We ensure that our ecosystem of European partners and service providers is compliant with current legislation.

GDPR Compliance Plan

What does it mean for a CRO solution to be GDPR compliant?

All of our teams are working meticulously to ensure conformity with the new European regulation. We are committed to actively working so that our solution respects all of the measures of the European regulation from the enforcement date in May 2018.

We are also committed to respecting the principles of this legislation, which govern how personal data may be collected and processed.

Processing purpose principle

Personal data may only be collected for a legitimate objective. The use and purpose of collecting this data must also be clear and legitimate.

Data relevance principle

Only relevant and necessary information may be collected: a retail website that sells shoes has no need for information about the gender, age, marital status or sexual orientation of its visitors, as opposed to an online dating site.

The principle of time-limited preservation

Collected data must not be retained for longer than a period consistent with the purpose of collection. Beyond this period, the data may only be kept in a separate archive.

Security and confidentiality principle

Guaranteeing the confidentiality of data and preventing unauthorized access to it, its loss or alteration, and its disclosure to third parties. Security measures must match the nature of the data and the potential risks.

Transparency principle

The company collecting the data must inform users about the collection and about any sharing of their information with third parties. As far as their own data is concerned, the site’s users can control which information they wish to share.

The principle of respecting individuals' rights

Users must be informed about the purpose behind the processing of their data. They have the right to rectify or delete this data, and to object to its processing on legitimate grounds.

Maximizing the guarantee of high-level security

We are continuing to work on the implementation of the measures necessary to prevent damage to, improper use of, or fraudulent access to data. Access to data must be restricted to specific authorized people, or to third parties holding a specific, time-limited legal authorization (tax authorities, police, etc.). It is our duty to determine and maintain a reasonable retention period for personal information. In case of non-compliance with these obligations, the GDPR provides for heavy administrative fines, and member-state law may add further penalties, up to criminal sanctions.

In order to maximize the guarantee of high-level security, it is necessary to map the data to be protected, so as to identify the potential sources of leaks or flaws and their level of importance.

Lastly, a protection strategy for collected data requires regular review, since the information is constantly at risk. For each incident, an inquiry must be undertaken in order to strengthen the security measures in place. This is another reason for creating an internal committee: to mobilize adequate, experienced human resources.
