What is GDPR?

GDPR is short for General Data Protection Regulation. GDPR includes a set of rules that aim to better protect EU citizens regarding their personal data and give them more control over their data. The new regulation applies from 25 May 2018 and all EU and EES member states are obliged to adopt the GDPR domestically.

How will GDPR affect me as a customer to Antura?

GDPR affects anyone holding data on EU citizens. This includes both the person that determines the purposes and means of the processing of personal data (Controller) and the person which processes personal data (Processor).

As a customer, your company becomes Controller and Antura Processor. If your company purchases Antura Projects through any contractor, the contractual relationship exists between these parties.

What must I do, as a customer to Antura?

Probably someone in your organization has been working on questions related to GDPR for some time. These questions might include which systems that are used to process personal data and how to establish internal routines to meet the requirements of GDPR. As a customer to Antura, your organization are using Antura Projects and thereby you are using the system to process personal data. So, make sure to include Antura Projects in the inventory that are being made. Antura projects should also be covered by the routines you intend to set up.

What does Antura do in the field of GDPR?

Antura has been working on questions related to GDPR since the end of 2016. In relation to Antura's customers, Antura is so-called Processor. This means that a Data Processing Agreement (DPA)needs to be established between Antura and our customers.

Antura is obviously also covered by the regulation as controller, when handling personal data related to our staff, our customers and our suppliers. For this reason, Antura has for some time been working to complement our information security management system with the instructions and procedures needed to meet the requirements set by GDPR.

What’s the difference between using Antura Projects asa service (SaaS) and having the system installed (On Premise)?

In both cases Antura is the Processor since specific groups of people from our organization (such as our support and consultants) have access to your information from so called test environments. In both cases an appropriate Data Processing Agreement (DPA)must to be established and this shall be initiated by the customer (or contractor). 

Antura’s commitment is more extensive when Antura Projects is offered as a service. In these cases, our responsibility also includesserver management, backups, service-level agreement etc.

Can Antura provide Data Processing Agreements (DPA’s)?

Yes. However, we emphasize that it is the customer who is responsible for establishing a DPA, but in this case, Antura can help.

What purpose should be stated in the records of Processing of Antura Projects??

In the records of systems and services that all organizations need to establish, the purpose of storing personal data must be stated. For Antura Projects the purpose can be e.g. "In order to manage more efficient, profitable and cost-effective projects".

What responsibility does Antura apply for the handling of personal data?

The Controller is responsible for setting up procedures for handling personal data, i.e. In the case of Antura Projects, our customers are responsible for the deletion of personal data that the customer has entered into the system. However, Antura can support with setting up or executing routines. Please contact your customer service representative to learn more about this.

Do I pay an extra fee for Antura and Antura Projects to meet GDPR?

No, there are no costs beyond the normal license fee for Antura Projects due to GDPR. However, it may be that your organization needs support from Antura, answering different types of claim statements or setting up procedures or agreements. This kind of support is regarded as consultancy service. Please contact your customer service representative to learn more about this.

Will Antura be required to appoint a Data Processing Officer (DPO)?

Yes, Antura has appointed a DPO.

Will Antura Projects change due to GDPR?

Yes. We will add functionality in Antura which makes it easier for our customers, in the role of Personal Data Administrators, to conduct their own routines as efficiently as possible.

The following functionality is available in Antura Projects since May 2018:

  • Possibility to anonymize users. Users that have been deleted (such as former employees) will be able to be anonymized, ie It will no longer be possible to connect personal data to an ex-employee.

  • Possibility to permanently delete periodic personal data (such as reported time, planned time, absence, assigned time, hourly rate) for a person before a certain date, defined by the organization.

  • Automatic cleaning of personal data from various logs in Antura Projects (usually only accessible to system administrators).