Security and compliance are our top priorities
At AB Tasty, our teams are informed and ready to act regarding the new European regulation concerning the protection of personal data.
Our commitment: to work actively so that our solution respects the entirety of the European regulation before the enforcement date in May 2018.
What’s going to change with the GDPR
On May 25th, 2018, a new regulation on personal data protection will come into force for businesses in the member states of the European Union: the General Data Protection Regulation (GDPR). A lot of information has been circulating on this subject recently, so we thought it would be instructive to take a look at the principles of this new regulation.
The steps of our compliance plan
Because we are dedicated to respecting international laws and regulations, we are actively working to make our solution compliant with the new European regulation. As this legislation will be enforced in May 2018, we are currently preparing to be in full compliance by then.
Below are the steps we’ve identified in order to be in complete conformity with the new European text:
What does it mean for a CRO solution to be GDPR compliant?
All of our teams are working meticulously to ensure conformity with the new European regulation. We are committed to working actively so that our solution respects all of the measures of the European regulation from the enforcement date in May 2018.
We are also committed to respecting the principles of this legislation, which regulate the collection of data:
There must be a legitimate objective for collecting personal data. The use and purpose of the data collected must also be clear and legitimate.
Only relevant and necessary information may be collected: a retail website that sells shoes has no need for information about the gender, age, marital status or sexual preference of its visitors, unlike an online dating site.
Collected data must not be retained for longer than a period consistent with the purpose of collection. Beyond that period, the data may be archived in a separate format.
The confidentiality of data must be guaranteed, and its intrusion, loss, deterioration or disclosure to third parties prevented. Security measures must match the nature of the data and the potential risks.
The company that collects the data must inform users of the collection and of any sharing of information with third parties. The site's users can control which of their own information they wish to share or not.
Users must be informed about the purpose behind the processing of their data. They benefit from the right to rectify or delete this data, or to oppose its collection for legitimate reasons.
Maximizing the guarantee of high-level security
We are continuing to implement the measures necessary to prevent damage to, improper use of, or fraudulent access to data. Access to data must be reserved for specific people, or for third parties that have special, temporary authorization (tax bureau, police, etc.). It is our duty to determine and maintain a reasonable timeframe for retaining personal information. In case of non-compliance with these obligations, the GDPR provides for punishments ranging from heavy fines to imprisonment.
To maximize the guarantee of high-level security, it is necessary to map the data to be protected in order to identify the potential sources of leaks or flaws, as well as their level of importance.
Lastly, running a protection strategy for collected data requires regular updates, since information is constantly at risk. For each incident, an inquiry must be undertaken in order to strengthen the security measures in place. This is another reason for creating an internal committee: to mobilize adequate, experienced human resources.