Are you the CIO of your company?
Read our Cheatsheet for CIOs to help your GDPR compliance efforts.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European privacy regulation that has applied since 25 May 2018. The GDPR, which replaced the EU Data Protection Directive, harmonises data protection rules across the European Union (EU) by enacting a single data protection law enforceable in all member states. Regardless of where a firm is situated, the law applies to EU companies and to any business that targets individuals in the EU or collects, uses, or otherwise processes their personal data. In practice, this means that the GDPR applies to most enterprises that process personal data of individuals in the EU, regardless of where the enterprise is based or where the processing takes place.
What is personal data?
The GDPR’s definition of personal data encompasses what we usually think of as Personally Identifiable Information (PII), such as names, passport numbers and birth dates, as well as data that we might not think of as PII, such as email addresses or device IDs, whenever it relates to an identified or identifiable person.
See Article 4(1) of the GDPR for the full definition of personal data. The definition also covers a subset known as “special categories of personal data” (Article 9), which includes data revealing racial or ethnic origin, religious beliefs, political opinions, health data, and so on.
Who is impacted by the GDPR?
The GDPR has a broad territorial scope. It applies not only to all EU-based enterprises that process personal data, but also to any non-EU entity that processes personal data of individuals in the EU where the processing relates to:
a) offering goods or services to those individuals, whether or not payment is required, or
b) monitoring their behaviour within the EU.
The GDPR seeks to protect personal data at every stage of processing, and it distinguishes between data controllers and data processors, both of whom have obligations.
What are the requirements of GDPR?
Companies must take appropriate technical and organisational measures to protect personal data from loss or exposure. The most significant principles governing the handling of personal data are summarized in Article 5 of the GDPR:
• Personal data must be processed lawfully, fairly and transparently. It should not be used in ways that an individual would not reasonably expect.
• Personal data must be collected only for specified, explicit purposes and must not be processed in a way that is incompatible with those purposes. When collecting personal data, enterprises must explain why they need it.
• Personal data must be kept accurate and, where necessary, up to date.
• Individuals have the right to access their personal data (Chapter III of the GDPR). They can also request a copy, have it corrected, erased or restricted, or have it transferred to another organization (data portability).
• Personal data must be processed in a way that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
• Personal data must be kept no longer than is necessary for the purposes for which it is processed (storage limitation).
GDPR & Twake
Twake is built to protect personal data and online privacy. We welcome the EU regulation that strengthens and unifies these safeguards for the individuals it covers. We thoroughly reviewed the legal and technical implications of the GDPR and made the necessary updates to our products, services and documentation. Twake clients retain control over their data, and we equip our website visitors with the tools they need to protect their information.
Twake is 100% compliant with GDPR requirements.
What does Twake do to ensure full compliance with GDPR?
• We conducted a security audit to ensure that all of our security policies and safeguards are GDPR compliant.
• GDPR is covered by Twake’s organizational policies, including our data security and data privacy policies. Our entire team understands the importance of good data security and privacy standards across the board. This is a continuous process that we consider critical to our project’s success.
• We completed Data Protection Impact Assessments to identify and minimize any risks from our processing activities.
• We store all our data on OVH Cloud servers located in France.
• We ensured that our Privacy Policy outlines Twake and Linagora’s commitment to GDPR, is transparent about how we use personal data, and informs individuals on how to exercise their data subject rights.
• We are establishing the operational procedures necessary to support an individual’s rights to access, review and delete any of their data that we store.
• As a processor and controller of personal data, we keep accurate records of our processing activities.
• Cookie notifications can be tailored to meet the legal requirements of each country or region.
• We have strict measures to protect your personal and professional data. Concerning your password and personal data specifically: passwords are hashed using PBKDF2, your data is encrypted before it is written to the database (encryption at rest), and we use TLS for communications (encryption in transit).
• Data security is a long-term commitment rather than a one-time project. In an ever-changing landscape of regulation and real-world risk, Twake remains committed to data security and privacy, and we will ensure that our customers are safeguarded.
How can Twake help your company to comply with the GDPR?
We aim to ensure that our products and services allow our clients to comply with the GDPR. This includes:
• Continuing to improve the security features in our products as well as our enterprise and infrastructure security framework, as detailed in the previous section.
• Ensuring that our customers’ contracts with us allow them to comply with the GDPR’s requirements for appointing data processors, and that our own contracts with data processors are compliant.
• Continually reviewing GDPR compliance guidance and adjusting our approach as necessary.
GDPR Compliance Checklist for Cloud Security
The GDPR requires businesses to secure their customers’ and employees’ personal data at every phase of the data processing lifecycle.
Meeting this obligation has become increasingly difficult as more firms adopt cloud-based communication and collaboration solutions. According to a recent survey, 60% of businesses aim to abandon on-premises solutions entirely within the next two years in favor of cloud-based, Software-as-a-Service (SaaS) technologies.
Smaller businesses are also moving to the cloud: the average number of cloud apps used by an SMB was estimated at 7 in 2017. Choosing cloud-based services that help a business achieve and maintain GDPR compliance is not easy.
When selecting a service provider, businesses must weigh a variety of technical and legal factors.
Our checklist summarizes the five most important things to keep in mind.
