100 likes | 119 Views
Understand GDPR fundamentals, personal information types, rights, TimeLog's projects, and recommendations. Learn about data controller and processor roles, sensitive personal data, software compliance, and GDPR recommendations. Tips on data collection, policies, and employee education.
E N D
GDPR in TimeLog Christoffer Lanstorp CTO TimeLog A/S (personuppgiftslagen)
Agenda • Fundamentals • Rights • TimeLog’s projects • Recommendations TimeLog-dagen 2017
GDPR fundamentals • Natural person / personal information • Data controllers (you) • Data processor (TimeLog) TimeLog-dagen 2017
What is personal information? Racial or ethnic origin, political opinions, religiousbeliefs, sexualpreferences, biometric information, health information Violation of the law Name and address, personale-mail address, web cookies, economy, tax, dept, sickdays, jobfunction, family relations, car, house, birthday Sensitive personal information General personal information TimeLog-dagen 2017
Person’srights • The right to receive information about processing of personal information • The right to gain access to your personal information • The right to have inaccurate personal information rectified • The right to have personal information deleted • The right to object to personal information being used for direct marketing • The right to object to automatic individual decisions, e.g. profiling • The right to moveyourpersonal information TimeLog-dagen 2017
TimeLog’s three GDPR projects • Ourown GDPR compliance • TimeLog as data processor for you • HowshouldTimeLog’s software support yourability to complywith GDPR TimeLog-dagen 2017
TimeLog as data processor • Data processingagreement ca. 1. March • New hostingagreement • Adjustinfrastructure • Full timeemployee in TimeLog TimeLog-dagen 2017
Software GDPR support • Documentationofwhom has accessed sensitive personal data • Logging export of sensitive personal data • Anonymisationof data • Methods to find, correct and delete personal information TimeLog-dagen 2017
Our GDPR recommendations • Identify data collection • Describe the purpose and delimitation • Secure explicit agreement • Make internalpolicies • Educateyouremployees in the policies • Get an overviewofinternal systems and data processingagreements • Get counseling TimeLog-dagen 2017
A good place to start • Information in English from Datainspektionen • Information in Swedish from Datainspektionen and an overview of all aspects TimeLog-dagen 2017