How does Fitnet Manager ensure GDPR compliance?
We cannot say it enough: be careful with your personal data!
And because security is not optional, we are committed to protecting your data and preserving your rights. The new rules took effect on 25 May 2018, and we are committed to respecting and complying with the General Data Protection Regulation (GDPR).
Data protection for our customers
BSA Conseil, through Fitnet Manager, acts as a processor within the meaning of the GDPR (the French term "sous-traitant" is often rendered as "subcontractor"), while our customers using the ERP are the data controllers responsible for the processing. Being a processor does not remove our obligations: BSA Conseil shares responsibility for the personal and sensitive data managed in the ERP. Example of personal data: civil status data (surname, first name, professional e-mail address) of employees, entered in the HR folder module.
Since 2018, several measures have been put in place to secure and protect the personal data processed in the ERP; encryption of personal data at rest in the database is one of the strongest. All personal data stored in the database falls within the encrypted scope. Encryption protects confidentiality; for it to also guarantee integrity, the encryption must use an authenticated mode (or be paired with an integrity check), so that any alteration of a stored value is detected when it is read back.
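To make the confidentiality/integrity distinction concrete, here is an added example in Go of field-level encryption for a personal-data column using AES-256-GCM. It is not Fitnet Manager's code (the page does not describe its implementation). The record identifier and column name are bound in as additional authenticated data, so a ciphertext cannot be moved between rows or columns, and any modification of the stored value is refused on decryption. The key, record ID, column name and e-mail address are all constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// newAEAD builds an AES-256-GCM cipher. GCM is an authenticated mode: every
// ciphertext carries a tag, so Open fails on any modification of the stored value.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// context binds the ciphertext to the row and column it belongs to. It is
// passed as additional authenticated data (AAD): a value copied from one
// employee's row into another, or from one column to another, will not decrypt.
func context(recordID, column string) []byte {
	return []byte(recordID + ":" + column)
}

// EncryptField returns base64(nonce || ciphertext || tag) for one personal-data
// field. A fresh random 96-bit nonce is drawn per call; GCM requires that a
// nonce is never reused under the same key.
func EncryptField(key []byte, recordID, column string, plaintext []byte) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, plaintext, context(recordID, column))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptField reverses EncryptField. An error means the value was altered,
// belongs to a different row/column, or was encrypted under another key.
func DecryptField(key []byte, recordID, column, stored string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return nil, err
	}
	if len(raw) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("stored value too short")
	}
	nonce, ct := raw[:aead.NonceSize()], raw[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, context(recordID, column))
}

// TamperDetected flips one bit of a stored value (as a write made directly in
// the database, outside the application, would) and reports whether
// decryption refuses the result.
func TamperDetected(key []byte, recordID, column, stored string) bool {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return false
	}
	raw[len(raw)/2] ^= 0x01 // corrupt one ciphertext byte; the tag no longer verifies
	_, err = DecryptField(key, recordID, column, base64.StdEncoding.EncodeToString(raw))
	return err != nil
}

func main() {
	// Constructed demo key; a real deployment fetches it from a KMS or HSM and
	// never stores it next to the database it protects.
	key := []byte("0123456789abcdef0123456789abcdef")
	stored, err := EncryptField(key, "emp-42", "email", []byte("a.dupont@example.com"))
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", stored)
	pt, err := DecryptField(key, "emp-42", "email", stored)
	fmt.Printf("decrypted: %s (err=%v)\n", pt, err)
	_, err = DecryptField(key, "emp-43", "email", stored)
	fmt.Println("moved to another row, rejected:", err != nil)
	fmt.Println("bit flip detected:", TamperDetected(key, "emp-42", "email", stored))
}
```

The point of the AAD is that encrypting each field in isolation is not enough: without it, an attacker with write access to the database could swap one employee's encrypted salary or address into another row and the application would decrypt it happily. The GCM tag is what turns "encrypted" into "encrypted and tamper-evident".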
To go further in the compliance process, Fitnet Manager has a specific feature to help its customers implement the GDPR in their environments. The GDPR module allows mass purging of the personal data held in the tool: employees, candidates, customers, suppliers and prospects. With one click, administrators can select the data they wish to keep, delete or anonymize.
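As an added illustration (not the GDPR module's own logic, which the page does not describe), the following Go program shows what a keep/delete/anonymize purge looks like underneath: a retention policy per kind of person, a decision per record, and a check that an anonymized row really no longer identifies anyone. The record schema, retention periods and sample records are assumptions made for the example.

```go
package main

import (
	"fmt"
	"time"
)

// Record is a simplified person entry of the kind an ERP holds (constructed
// for this example; not Fitnet Manager's schema).
type Record struct {
	ID           string
	Kind         string // "employee", "candidate", "customer", "supplier", "prospect"
	Surname      string
	FirstName    string
	Email        string
	Department   string // not identifying on its own; useful for statistics
	LastActivity time.Time
}

type Action int

const (
	Keep Action = iota
	Anonymize
	Delete
)

func (a Action) String() string { return [...]string{"keep", "anonymize", "delete"}[a] }

// Policy says how long a record may be kept after its last activity and what
// happens to it when that period expires.
type Policy struct {
	Retention time.Duration
	OnExpiry  Action
}

const year = 365 * 24 * time.Hour

// Assumed retention periods for the example; real values come from the
// controller's processing register and its legal obligations, not from code.
var policies = map[string]Policy{
	"candidate": {Retention: 2 * year, OnExpiry: Delete},    // nothing else references the row
	"employee":  {Retention: 5 * year, OnExpiry: Anonymize}, // timesheets and payroll history still point at it
	"customer":  {Retention: 3 * year, OnExpiry: Anonymize}, // invoices must keep a counterparty
}

// Decide applies the policy for the record's kind. Unknown kinds are kept:
// a purge must never silently destroy data the policy did not cover.
func Decide(r Record, now time.Time) Action {
	p, ok := policies[r.Kind]
	if !ok || now.Sub(r.LastActivity) < p.Retention {
		return Keep
	}
	return p.OnExpiry
}

// anonymize strips every field that identifies the person and coarsens the
// date to the year so it cannot single someone out. The internal ID stays so
// that rows in other tables still resolve to "a former employee".
func anonymize(r Record) Record {
	return Record{
		ID:           r.ID,
		Kind:         r.Kind,
		Department:   r.Department,
		LastActivity: time.Date(r.LastActivity.Year(), 1, 1, 0, 0, 0, 0, time.UTC),
	}
}

// IsAnonymized is the check a purge job should run before reporting success.
func IsAnonymized(r Record) bool {
	return r.Surname == "" && r.FirstName == "" && r.Email == ""
}

// Apply runs the purge over a batch and returns the surviving records plus a
// count per action, which is what an administrator reviews before confirming.
func Apply(records []Record, now time.Time) ([]Record, map[string]int) {
	var kept []Record
	summary := map[string]int{}
	for _, r := range records {
		a := Decide(r, now)
		summary[a.String()]++
		switch a {
		case Keep:
			kept = append(kept, r)
		case Anonymize:
			kept = append(kept, anonymize(r))
		case Delete:
			// dropped entirely
		}
	}
	return kept, summary
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	batch := []Record{ // constructed sample data
		{ID: "emp-1", Kind: "employee", Surname: "Dupont", FirstName: "Alice", Email: "a.dupont@example.com", Department: "R&D", LastActivity: time.Date(2018, 3, 31, 0, 0, 0, 0, time.UTC)},
		{ID: "cand-7", Kind: "candidate", Surname: "Martin", FirstName: "Bob", Email: "bob@example.org", LastActivity: time.Date(2021, 1, 15, 0, 0, 0, 0, time.UTC)},
		{ID: "cust-3", Kind: "customer", Surname: "Leroy", FirstName: "Chloé", Email: "c.leroy@example.net", LastActivity: time.Date(2023, 11, 2, 0, 0, 0, 0, time.UTC)},
	}
	kept, summary := Apply(batch, now)
	fmt.Println(summary)
	for _, r := range kept {
		fmt.Printf("%s %s anonymized=%v\n", r.Kind, r.ID, IsAnonymized(r))
	}
}
```

The choice between delete and anonymize is the part that needs thought: a candidate file can simply go, but an employee or customer row is referenced by records the company is legally required to keep, so the person is removed from the row rather than the row from the database. Whatever the module does, the outcome should be verified with a check like IsAnonymized rather than assumed.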
To learn more about this subject, contact us!
Knowing how to assess your compliance with the GDPR
Checking the compliance of your partners, processors or any other third party involved in the processing of personal data is essential! One of the most important rules to keep in mind is to work with partners for whom compliant management of personal data is a central concern.
First thing: make sure you have the right basics to understand the implications. What is personal data in the context of the GDPR? According to the CNIL, personal data is “any information relating to an identified or identifiable natural person”, regardless of whether this information is confidential or public, professional or not! Examples of personal data: surname, first name, photo, telephone number or IP address. Personal data can also be subjective, for example notes or assessments about customers or partners taken during exchanges or follow-ups.
Once this is understood, list every processing operation involving personal data and draw up a register of these processing activities: where is the data held, under what storage rules, for how long, and how? Ask yourself the right questions! With this solid base, it is easier to prioritize the actions needed to comply with your legal obligations. The next step is to identify the risks weighing on the personal data, put real governance in place to guarantee its integrity, and know how to manage those threats.
In the event of an incident, internal teams need to know whom to contact and what to do, without hesitation. But this does not happen by itself: without training, teams cannot guarantee a smooth and efficient response.
As each company is different, so are its risks, processes and actions. The CNIL’s website is a true bible: it gathers all the steps to follow.
Fitnet Manager GDPR compliance: what next?
Actions must be sustained over time to be effective. We intend to keep promoting reliable processes: poorly controlled practices have no place in the organization! We continuously update our internal information security policies, and all company employees receive regular training on security and data protection.
Today, within BSA Conseil, all employees have been made aware of the subject and all have signed a GDPR charter that commits them.