The General Data Protection Regulation (GDPR)





25th May, 2018

On the 25th of May 2018 the new European General Data Protection Regulation (GDPR) will become effective.



What is GDPR?

GDPR is the most important change in data privacy regulation of the last 20 years. GDPR defines a comprehensive framework on how businesses collect, store, process and otherwise manipulate personal information of EU citizens and residents alike.


Is my business affected?

The Regulation applies to all organizations alike and covers all departments that have contact with personal information. It does not discriminate against or exclude any kind of business, business sector, company size or government institution, so chances are it applies to your company as well.


So what is personal information?

Personal data is any kind of information that relates uniquely to a person (data subject according to GDPR jargon). In detail, the regulation defines as personal “any information related to a natural person or “Data Subject”, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or even a computer IP address”.


Company responsibilities


The regulation defines strict and unambiguous rules for the protection, authorized use and processing of private information, by specifying how data will be processed and secured.
Moreover, the regulation defines two important principles:


 
1. The principle of “transparency” for the collection, processing and storing of personal data, and

2. The principle of “accountability” according to which the legal entity (the company who is storing and/or processing personal data) is responsible to demonstrate compliance with the stipulations of the regulation.


 

Additionally, the GDPR directives require the following:



Explicit Data Protection

The Regulation requests the provision of appropriate technical and organizational measures for the secure processing of private information that is absolutely essential for the particular scope.

Secure Data Processing

The “data processor” and the “data controller” shall deploy appropriate technical and organizational measures in order to achieve adequate security of personal information.

Inform authorities and data subjects in case of data breach

Companies and organizations are required to inform authorities and data subjects as soon as they detect an unauthorized breach of personal information, especially if that breach is potentially harmful.

Data Protection Impact Analysis

The Data Processor must conduct a “Data Protection Impact Analysis”, especially if processing of personal information is systematic and of a large scale, or entails a high risk for the rights of the data subjects.


SoftOne and Soft1 ERP

SoftOne

From day one, SoftOne invested in Data Security by implementing rigorous data security mechanisms and procedures. Since 2014, SoftOne has acquired EN ISO 27001 certification on Information Security Management from the TUV Austria certification body. Furthermore, SoftOne closely collaborates with Microsoft, utilizing Azure Cloud Services. Microsoft is a leading vendor of cloud products and cloud security, operating a dedicated and certified emergency response team for security breaches.


Soft1

Soft1 ERP includes by design an array of security mechanisms and tools that guarantee data privacy, security and authorized access. Those security mechanisms enable the application administrator to define detailed security policies and provide authorized access to personal data only to specific employees, in accordance with GDPR provisions.




The wide range of Soft1 mechanisms that allow compliance with GDPR


Application Access through a username / password pair

Each and every application user has a unique username/password combination in order to get access to the application.


Configurable password lifetime and expiration policy

The application allows the configuration of password expiration timers, prompting the user for a change at specific intervals. If the user fails to renew the password, the application denies access.



Password complexity

The password complexity is configurable through the Soft1 console.


Authorized access to classified information

Each user accesses data and information according to the authorization profile configured by the administrator.


Authorized access to lists and reports

Each user accesses lists and reports according to the authorization profile.


Groups policy

Administrators can create user groups with specific pre-authorized data access privileges.


Logging

Ability to log all transactions performed on data.


Data Export

Soft1 provides unique abilities for data exports by authorized users in various formats, satisfying the GDPR stipulations for providing personal information to Data Subjects.


IP lock

The application allows access only via a predefined set of IP addresses.

Soft1 applications come with an array of characteristics that simplify the company’s effort to comply with GDPR. Moreover, Soft1 Series 5 enables the company to automate the GDPR compliance procedures and offers unparalleled functionality and ease of use.





Enhanced functionality of Soft1 Series 5 for GDPR compliance

Ability to classify the application fields as private, sensitive, or unclassified.


Ability to classify the application users according to their authorization to access personal information.


Ability to classify all custom fields (that are usually created in custom ERP implementations).


Personal data is displayed only to pre-authorized privileged users according to their clearance level.


Ability to erase or anonymize personal information while securing database integrity.


The latest and upcoming software versions include all tools and resources for enhanced data security. Additionally, every new release will pack additional functionality and mechanisms in order to guarantee continuous compliance with GDPR.


 
 
GDPR: a new opportunity

 

The new regulation poses a unique opportunity for a company’s digital transformation. By utilizing a modern ERP system such as the Soft1 Series 5, companies can improve their efficiency and productivity, while pursuing compliance with GDPR. Soft1 Series 5 provides the tools and allows for the implementation of well-defined procedures that will streamline internal processes with fine-grained control over personal information.