— There is no need to get stressed over GDPR. Sure, the regulations are strict and whoever doesn’t comply with GDPR will have to pay large fines, up to 4 percent of turnover, but according to IS Tools CEO, Johan Barrebo, no one really knows how it will be applied in practice.
The preparations ahead of the General Data Protection Regulation, GDPR for short, are in full swing. It will be a smooth transition for the companies that are already using the IT solution from IS Tools.
— Our IT-system is GDPR-friendly. All the necessary solutions are in place to control the availability and easy updating of information, says Johan.
Simply put, GDPR is a tightening of the Personal Data Act. It means that after May 25th 2018 you as a company need to be able to pull out all the information you have about a client, delete it upon request and guarantee that no unauthorized person can gain access to the information. If I were to stop subscribing to a newspaper, I would be able to ask for all of my information to be deleted from the database.
— The problem is that some of the guidelines don’t really comply with reality. The Swedish Data Protection Authority, for example, discourages you from using fields where free text can be entered, but in the real world many companies need this option, for instance when taking notes of client correspondence, says Johan.
The company is always legally responsible for following the GDPR, but can appoint a proxy to handle the personal data.
— As a company you need to be able to show the Swedish Data Protection Authority that you are on top of all your customer data and that you can trace details and extract requested information in a safe way, Johan explains.
An already adapted solution
Several years ago IS Tools started to develop its IT system to meet clients’ wishes to be able to handle personal data easily. At that point you had to comply with the Personal Data Act, but the foundation for GDPR had already been built.
— Our IT-system has features that comply with the checklist for GDPR which has been set up by the Swedish Data Protection Authority. The client is always the owner of the content, but we have built extra features that make it easy for the client to access the information they are looking for, says Johan.
Apart from quick access to the correct reports and forms, you can for example access logs that show exactly who has read the information and at what point in time, and the IT system can inform you when stored information hasn’t been used for a while. Another feature is that you can gain access to certain information via a link and a code, which makes it easy for you to make the information accessible to the client over the internet.
— Since you also have to keep an eye on the information that is stored on backups we have reviewed our datacentre to ensure that it is also “GDPR proof”. If the personal data remain on a backup it’s not enough to delete the data from a computer. You would also need to delete the stored data, Johan informs.