November 08th, 2017

Feature: "Getting GDPR Ready"

We are all aware of the new Global Data Protection Directive in the EU and the serious consequences non-compliance can have for our reputation, our customers and our industry, especially since we have to deal with “a special category of personal data” on a day-to-day basis.
Unfortunately, diving deep into the details of the highly convoluted text of the Regulation can leave one’s head spinning. With advice from legal advisors, we have pulled out the key elements or rules that lay the groundwork for its larger principles and that are relevant for our industry.

The essence of GDPR for our industry: 

  • Systematically and automatically store sensitive data securely under full encryption to prevent loss, breach, theft and unauthorized access
  • Systematically secure all methods of transfer, usage and transmission of all sensitive data
  • Monitor all usage, transfer, and transmission of sensitive data
  • Sensitive data must be secured across all borders
  • Show explicit consent and provide for the rights of EU citizens to be forgotten or removed

Our current way of working and our IT environment were OK until now, but the additional GDPR regulation and the expected more stringent demands from our clients made us decide to look for a solution that was more fit for this purpose. In addition to the mentioned requirements, a couple of things were really important for us: ISO 27001 certification, data encryption, the provider's track record in data privacy, user friendliness for the assignees, ease of use for us as users and of course, above all, alignment with a long Dutch tradition: a good price-quality ratio!
While looking for advice and tooling, we found that there appears to be a whole industry where many parties like consultants, lawyers and IT companies provide advice, checklists and whitepapers, workshops, standard solutions and training sessions. As far as we could find out, a specific solution for GDPR and the mobility industry did not appear to exist.
In the end, we came into contact with SecureDD, an experienced party specialized in data security and data privacy solutions, with more than 10 years of experience in the UK, the Netherlands and Germany. The company provides customized GDPR solutions for different industries, applying secure transfer, storage and authentication solutions that work.
Together with SecureDD, a simple solution is now being developed that is ISO 27001 compliant, can be regularly audited and can easily be linked to existing workflow management systems.

How does it work?
The software-as-a-service solution uses the heaviest form of encryption (256-bit hardware encryption) and is ISO 27001 certified.
A digital vault or safe is created for each of the assignees. Each assignee will receive a request to securely upload the necessary confidential information for immigration or relocation via a link, after personal contact has been made. Secure uploading is possible with a PC, tablet or smartphone. The documents are automatically stored safely and encrypted in a central vault that is only accessible to a selected number of employees and, if desired, to the assignee him/herself. Each time the safe is opened and information is forwarded to a third party, this will be registered. This way of working eliminates the risk of personal information being sent via unsafe email or being processed on the individual PCs of employees. After closing the case, we have opted for longer-term secure e-archiving. We as RSH pay a small annual license fee and additionally pay for each safe we use. The company will periodically provide us with updates.
This solution is now being developed and the first version will be implemented with RSH at the beginning of November. The major additional benefit is that we can streamline our processes and significantly reduce our risks, especially when it involves manual handling of documents. The server where our data will be stored is currently located in the Netherlands but can be placed in any jurisdiction as desired. A simple link (API) can be made to existing workflow management applications.
With this solution we aim to make a big step towards GDPR compliance, while containing related costs and maintaining our high service levels.

For contact info please mail: veronique.haverhals@relocation-holland.nl

 

This article first appeared in the EuRApean - Edition November 2017