AB Tasty’s GDPR compliance plan
Security and compliance are our top priorities
At AB Tasty, our teams are informed and ready to act regarding the new European regulation concerning the protection of personal data.
Our commitment: actively work to ensure that our solution respects the entirety of the European regulation before the enforcement date in May, 2018.
Data Protection: What’s going to change with the GDPR
May 25th, 2018, a new regulation regarding personal data protection will be enforced for businesses in the member states of the European Union: the General Data Protection Regulation (GDPR). Recently, a lot of information has been circulating regarding this subject. We thought it would be instructive to take a look at the principles of this new regulation.
The steps of our compliance plan
Since we’re dedicated to respecting international laws and regulations, we are actively working on making our solution compliant with the new European regulation. Since this new legislation will be enforced in May 2018, we are currently preparing to be in total compliance.
Below are the steps we’ve identified in order to be in complete conformity with the new European text:
What does it mean for a CRO solution to be GDPR compliant?
All of our teams are meticulously working to ensure conformity with the new European regulation. We are committed to actively working so that our solution respects all of the measures of the European regulation starting from the enforcement date in May, 2018.
We are also committed to respecting the principles of this legislation, which consists of regulating data collection.
Have a legitimate objective to be able to collect personal data. The use and aim of collecting this data must also be clear and legitimate.
Only relevant and necessary information can be collected: a retail website which sells shoes has no need for information concerning gender, age, marital status or sexual preference of their visitors, as opposed to an online dating site.
Collected data must not be conserved for longer than a certain period of time consistent with the aim of collection. Beyond this date, the data may be archived in a separate format.
Guaranteeing the confidentiality of data and preventing their incursion, loss, deterioration or communication to third parties. Security measures must match the nature of the data and the potential risks.
The company which is the source of the data collection must inform users of the collection and sharing of information with third parties. The site’s users can, with respect to themselves, control the information they wish to share or not.
Users must be informed about the purpose behind the processing of their data. They benefit from the right to rectify or delete this data, or to oppose its collection for legitimate reasons.