Workteam & GDPR
Workteam helps your organization stay compliant with GDPR.
What is GDPR?
GDPR is a new set of European Union regulations that govern how companies should handle personal data. These regulations increase the responsibility for the companies that collect, store and process individuals’ data to provide services. It stands for General Data Protection Regulation & replaces the previous EU ‘Data Protection Act’. It came into force on May 25th 2018.
How it affects your organization
GDPR applies to more that just EU companies. It affects any company that controls the data of EU citizens, including any EU employees that you have or any EU companies that you provide services to or interact with.
What new rights will “data subjects” have?
As a controller of EU citizens’ (data subjects) personal data, you will need to have a lawful reason to store or do something with a data subject’s personal data. One lawful reason is to get their explicit consent. Consent must be freely given, specific and informed. It must be obtained by a clear affirmative action that signifies agreement and must be verifiable (i.e. documented).
Data subjects will be able to withdraw their consent for your right to control their data and they will have the right to request for inaccurate data to be corrected and to have a copy of the personal data that you hold about them. Furthermore, they will have the right to ask for the personal data you hold to be deleted. Such rights extend to your EU employees and you will need to review your employment contracts to ensure you have the appropriate legal foundations to process their data.
Under GDPR, personal data belonging to EU citizens must be stored within the EU and may not be “exported” outside of the EU, unless specific assurances are given by non-EU sub processors, through legal agreements between data processors and any sub processors. These agreements must be approved by the European Data Commission.
Is Workteam GDPR compliant?
Yes. We have strengthened our security by using encryption to protect many of the areas of the product which can store personally identifiable information and related data.
Although we store all of our customers’ data in the US, including our EU customers and any EU employees of our worldwide customers, we do so through Amazon Web Services and IBM databases, two trusted sub processors, which have entered into agreements with Workteam to provide sufficiently high levels of protection for the data we store - sufficient to satisfy the European Data Commission.
Furthermore, we provide features within Workteam to make it easier for our customers to be compliant.
What does Workteam do to help businesses get GDPR compliant?
Workteam makes it easy for you to service a data subject’s request for their personal identifiable information that is stored within Workteam, letting you easily locate such personal data and provide it to them in a computer readable format, as required by GDPR.
Workteam also lets you define your data retention policy for the storage of employee personal information for those employees that you have marked as having left the organization. Workteam will warn you when such retention periods are overdue and provides tools to enable you to anonymise the personal data of such employees, in accordance with GDPR.
Workteam ensures that when you delete an employee from Workteam, their personal data is removed and any data that must remain is fully anonymised.
To find out more about Workteam click here. Or to try Workteam, free for 14 days, click on the button below.