In the summer of 2017, Raptor Services started a process to underpin compliance ahead of the upcoming launch of the GDPR on the 25th of May 2018. This is to ensure that Raptor Services and our customers are compliant with the new standards that must be met.
What is the GDPR?
The GDPR (General Data Protection Regulation) is a new EU Regulation that will replace the 1995 EU Data Protection Directive (DPD) in order to ensure the protection of personal data of EU citizens. The GDPR emphasizes the obligations of organizations that collect personal data from customers. Whilst building on many of the 1995 Directive’s requirements, the GDPR really is all about ensuring the individual’s right to privacy.
What are the consequences if we are not compliant?
Being GDPR compliant is important for several ethical reasons. First and foremost, it concerns underpinning fundamental rights to privacy. This is an important matter, which is why Raptor Services are happy to be part of the movement ensuring people’s right to own their data, online as well as offline.
Moreover, the importance and consequences are underscored by the massive penalties imposed for violations of the existing law regarding personal data. The fine will, naturally, depend on the type of violation. Due to the size of the fines, investing in GDPR compliance is a must for all organizations, including Raptor Services and our customers.
What is Raptor Services doing to be GDPR compliant?
As a data-heavy company, working with both data mining and data processing, we at Raptor Services are greatly influenced by the GDPR.
The increased focus on individuals’ rights concerning personal data must be taken into consideration when building IT systems. This is known as “Data protection by design and by default.” Among other requirements, this means that an individual can always demand that data be deleted or transported, so that individuals can have their rights enforced. Raptor Services comply with these requirements, enabling such requests to be enforced.
Data Protection by design and by default is:
- Being able to transport data across different systems
- Being able to give insights into registered and processed data
- Being able to correct personal data
- Underpinning the legal rights – including the right to be forgotten
Delivering data-heavy services, Raptor Services A/S fulfill the requirements that have been set by “Datatilsynet”. Fulfilling these means that Raptor Services must hire a DPO (Data Protection Officer). The requirements are stated below:
- Working with processed data must be the organization’s core competence
- A large amount of personal data must be processed
- The processing activity consists of:
  - Regular and systematic surveillance of people or
  - Processing data containing personal information
Because of this, we have hired a DPO who will be committed to ensuring compliance with the existing law. Moreover, the DPO will act as an intermediary between Datatilsynet and Raptor Services.
Data Processing Agreement
To accommodate the requirements concerning mutual insurance with regard to the GDPR, we have, in collaboration with our lawyer, created a Data Processing Agreement (DPA). Thereby, we have documentation proving that our customers, when working with Raptor Services, are always meeting the requirements listed in existing law. Therefore, when working with Raptor Services, you are always GDPR-compliant.
We have mapped our entire data flow and IT infrastructure, both internally and externally. On this basis, we have established an overview of potential risks and consequences in the event of data leaks. This means that plans of action have been listed.
E-privacy and cookie data
We are closely following the upcoming process concerning “ePrivacy Directive: assessment of transposition, effectiveness, and compatibility with proposed Data Protection Regulation”.
As of now, the change regarding what is known as the “cookie-law” remains unresolved. Therefore, we are currently preparing for the potential compliance effort that lies ahead of us, based on the currently accessible information.
Awareness of privacy is affecting online businesses across all platforms. This means that when Raptor Services integrate with other systems, further requirements are often set up to ensure total privacy. The added requirements further complicate the processes when we are integrating our services with the systems you are using on your site. This is a continual process and cost that we must carry when delivering superior solutions to our customers.
To continually ensure compliance with existing law, we will introduce an independent annual IT audit. At the annual audit, we will walk through the documentation for IT compliance as well as the legal communication of the existing level of compliance within Raptor Services, thereby ensuring the fulfillment of existing GDPR law.
We are always happy to help, so feel free to contact us if you have any questions regarding GDPR compliance in relation to your partnership with us.