AB Tasty’s GDPR compliance plan

Security and compliance are our top priorities

At AB Tasty, our teams are informed and ready to act regarding the new European regulation concerning the protection of personal data.

Our commitment: to actively work to ensure that our solution respects the entirety of the European regulation before the enforcement date in May 2018.

Data Protection: What’s going to change with the GDPR

On May 25th, 2018, a new regulation regarding personal data protection will be enforced for businesses in the member states of the European Union: the General Data Protection Regulation (GDPR). Recently, a lot of information has been circulating regarding this subject. We thought it would be instructive to take a look at the principles of this new regulation.

The steps of our compliance plan

Since we’re dedicated to respecting international laws and regulations, we are actively working on making our solution compliant with the new European regulation. Since this new legislation will be enforced in May 2018, we are currently preparing to be in total compliance.

Below are the steps we’ve identified in order to be in complete conformity with the new European text:

Designate a DPO

For many companies, it’s necessary to nominate a Data Protection Officer (DPO) whose role is to inform and advise, as well as ensure data processing compliance.

Name an internal committee

This internal committee brings together Technical, Data and Legal functions, and is in charge of implementation and compliance for AB Tasty regarding the measures of the new European regulation.

Identify different data types

We are going to map out all of the data that needs to be protected in order to identify the different data types and their level of importance.

Put in place an internal process

We are going to reassess, using the data map elaborated and described above, all of our processes for collecting personal data.

Create a register of processing operations

The purpose of this register is to scrutinize all of our processes for collecting data with regard to respecting international laws and regulations.

Update our contractual documents

We are going to update all of our commitments regarding data protection in accordance with the General Data Protection Regulation.

Guarantee a high level of security

We continue to work every day to improve and strengthen our processes and systems to minimize the risk of a data breach as much as possible.

Ensure we are part of a compliant ecosystem

We ensure that our ecosystem of European partners and service providers is compliant with current legislation.

What does it mean for a CRO solution to be GDPR compliant?

All of our teams are meticulously working to ensure conformity with the new European regulation. We are committed to actively working so that our solution respects all of the measures of the European regulation starting from the enforcement date in May 2018.

We are also committed to respecting the principles of this legislation, which regulate data collection:

Have a legitimate objective to be able to collect personal data. The use and aim of collecting this data must also be clear and legitimate.


Only relevant and necessary information can be collected: a retail website which sells shoes has no need for information concerning gender, age, marital status or sexual preference of their visitors, as opposed to an online dating site.


Collected data must not be conserved for longer than a certain period of time consistent with the aim of collection. Beyond this date, the data may be archived in a separate format.

Guaranteeing the confidentiality of data and preventing their incursion, loss, deterioration or communication to third parties. Security measures must match the nature of the data and the potential risks.

The company which is the source of the data collection must inform users of the collection and sharing of information with third parties. The site’s users can, with respect to themselves, control the information they wish to share or not.

Users must be informed about the purpose behind the processing of their data. They benefit from the right to rectify or delete this data, or to oppose its collection for legitimate reasons.