Ensuring GDPR compliance globally with Cytrack
January 15, 2019
GDPR became enforceable from 25 May 2018 and replaced the 1995 Data Protection Directive. The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU, so it has a global impact on all businesses that collect or store any personal information on EU citizens.
The GDPR aims primarily to give control to EU citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
What types of privacy data does the GDPR protect?
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
Personal data must also be portable from one company to another, and companies must erase personal data upon request. That last item is also known as ‘the right to be forgotten’. Companies must report data breaches to supervisory authorities and individuals affected by a breach within 72 hours of when the breach was detected.
Another requirement, performing impact assessments, is intended to help mitigate the risk of breaches by identifying vulnerabilities and how to address them.
Cytrack products and GDPR compliance
Cytrack products store personal data primarily for improving customer experience through the review of statistics on performance and delivering the required functions of an omni-channel contact centre.
Due to its sensitive nature, Cytrack takes the protection of this personal data very seriously and we have a multi-faceted approach to ensuring compliance with GDPR, HIPAA and other global data protection regulations or directives:
1. Protecting data in motion
Utilising HTTPS, TLS/SSL and XML encryption, Cytrack products protect the integrity of personal information as it is transferred between servers.
2. Protecting data at rest
Cytrack products use Windows Authentication for SQL Server Authentication, Kerberos security protocols and other server security measures to ensure that personal data stored on servers is protected.
3. Customer consent
Your customer (the data subject) must now grant consent to authorise the processing and storage of personal data. Cytrack is assisting by building in functionality wherever possible within the technology to offer opt in/out controls and processes.
4. Personal information management
Cytrack provides an optional tool that performs searches for personal information and allows the administrator of the tool to edit and/or anonymise the information.
Technology helps with GDPR compliance, but your processes are the solution
Technology can help you manage and understand your data, but business policies and procedures need to be able to ensure the organisation complies with its GDPR principles and data subject rights. Make sure you seek independent legal representation for your GDPR compliance processes.