What is GDPR?
GDPR is a new European privacy regulation designed to ensure that people understand what personal data organizations collect and how that data is used, and to give them a way to control how that data is used.
We apply GDPR-compliant policies and practices to protect our customers’, their users’ and their customers’ data, and we provide tools to help our customers be GDPR compliant.
Who does it apply to?
The regulation applies to any organization that holds data on European citizens. Accordingly, GDPR can apply to any organization anywhere in the world.
Timewatch has implemented security and privacy measures above and beyond GDPR, and made them available to all Timewatch customers, worldwide. We apply these facilities automatically for European customers, whereas non-European customers can choose to turn these features on if they wish.
How GDPR affects individuals
If you are in the EU and using one of our products for a European organization, you will be able to:
- Ask us to provide you with a copy of the personal data we have about you by clicking here
- Ask for details of the number of employers (collectors) that may hold personal data (we cannot tell you the names of any data collectors, but as they are previous employers, you should know their names and be able to contact them directly)
- Request that we stop sending you marketing information
- If you have given consent for us to contact you (for product updates, news, information etc.), alter your preferences
- Ask that we stop using your personal data
- Ask that we amend or delete personal data we hold
What GDPR means for our customers
GDPR states that every contact an organization holds must have a lawful reason for being there. There are six allowable reasons:
- You have consent from the individual
- It is necessary for the performance of a contract with the individual or to take steps to enter into a contract
- It is for the purposes of legitimate interests pursued by the controller or a third party
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- It is to protect the vital interests of a data subject or another individual
- It is needed for compliance with a legal obligation
How Timewatch helps your organization with GDPR
Timewatch provides a number of tools to help our customers comply with GDPR:
- We’ve added new GDPR reports to our products to help you review data you hold on individuals and where necessary, provide information to individuals.
- Our European customers receive 2 new reports: GDPR personal data and GDPR complete data. The personal data report provides personal information about an individual; the complete data report provides a complete ‘footprint’ of the individual. It is up to each organization’s implementation of GDPR to decide what level of information to provide to requestors.
- Non-European customers’ reporting systems do not include these reports as standard, but they are freely available and can be added to their reporting system if they have European users and need to comply with GDPR.
- We provide tools to delete personal data or, where deletion is not appropriate, procedures to obfuscate data.
- We provide APIs that allow organizations to securely request personal data for inclusion in corporate GDPR compliance systems, as well as to securely amend or obfuscate data.
- We will be rolling out a new Internal Contacts function which will allow our Customers to specify their DPO (Data Protection Officer) contact details, which will allow us to automatically notify the DPO if an end user requests details on their personal information.
- We’ve added a pre-signed Data Protection Addendum (DPA) to our Master Subscription Agreement, which European Customers can download, sign, and upload via our in-built product support system. To download the DPA, search on ‘GDPR Addendum’ in the Help System within any of our products.
Helping our Customers meet their privacy and data security goals is important to us. And as we build new tools that support GDPR, we’ll share information about features and functionality once they’re available. Notifications will be made via our web site blog/news as well as via Twitter and Facebook. You can also search ‘GDPR’ via the ‘Need Help, Just Ask’ button within our products.