What is GDPR?
GDPR is short for General Data Protection
Regulation. GDPR includes a set of rules that aim to better protect EU citizens
regarding their personal data and give them more control over their data. The
new regulation applies from 25 May 2018 and all EU and EES member states are
obliged to adopt the GDPR domestically.
How will GDPR
affect me as a customer to Antura?
GDPR affects anyone holding data on EU citizens. This includes both the
person that determines the purposes and means of the processing of personal
data (Controller) and the person
which processes personal data (Processor).
As a customer, your company becomes Controller and Antura Processor. If your company purchases Antura Projects
through any contractor, the contractual relationship exists between these
parties.
What must I
do, as a customer to Antura?
Probably someone in your organization has been working on questions
related to GDPR for some time. These questions might include which systems that
are used to process personal data and how to establish internal routines to
meet the requirements of GDPR. As a customer to Antura, your organization are
using Antura Projects and thereby you are using the system to process personal
data. So, make sure to include Antura Projects in the inventory that are being
made. Antura projects should also be covered by the routines you intend to set
up.
What does Antura do in the field of GDPR?
Antura has been working on questions related to GDPR since the end of
2016. In relation to Antura's customers, Antura is so-called Processor. This
means that a Data Processing Agreement (DPA)needs to be established between Antura and our customers.
Antura is obviously also covered by the regulation as controller, when
handling personal data related to our staff, our customers and our suppliers.
For this reason, Antura has for some time been working to complement our
information security management system with the instructions and procedures needed
to meet the requirements set by GDPR.
What’s the difference between using Antura Projects asa service (SaaS) and having the system installed (On Premise)?
In both cases
Antura is the Processor since specific groups of people from our organization
(such as our support and consultants) have access to your information from so
called test environments. In both cases an appropriate Data Processing
Agreement (DPA)must to be established and this shall be initiated by
the customer (or contractor).
Antura’s
commitment is more extensive when Antura Projects is offered as a service. In
these cases, our responsibility also includesserver management, backups, service-level
agreement etc.
Can Antura
provide Data Processing Agreements (DPA’s)?
Yes. However, we emphasize that it is the
customer who is responsible for establishing a DPA, but in this case, Antura
can help.
What purpose
should be stated in the records of Processing of Antura Projects??
In the records of systems and services that all organizations need to establish,
the purpose of storing personal data must be stated. For Antura Projects the
purpose can be e.g. "In order to manage more efficient, profitable and
cost-effective projects".
What
responsibility does Antura apply for the handling of personal data?
The Controller is responsible for setting
up procedures for handling personal data, i.e. In the case of Antura Projects,
our customers are responsible for the deletion of personal data that the
customer has entered into the system. However, Antura can support with setting
up or executing routines. Please contact your customer service representative
to learn more about this.
Do I pay an
extra fee for Antura and Antura Projects to meet GDPR?
No, there are no costs beyond the normal
license fee for Antura Projects due to GDPR. However, it may be that your
organization needs support from Antura, answering different types of claim
statements or setting up procedures or agreements. This kind of support is
regarded as consultancy service. Please contact your customer service
representative to learn more about this.
Will Antura
be required to appoint a Data Processing Officer (DPO)?
Yes, Antura has appointed a DPO.
Will Antura
Projects change due to GDPR?
Yes. We will add functionality in Antura
which makes it easier for our customers, in the role of Personal Data
Administrators, to conduct their own routines as efficiently as possible.
The following functionality is available in Antura Projects since May
2018:
Possibility
to anonymize users. Users that have been deleted (such as former employees)
will be able to be anonymized, ie It will no longer be possible to connect
personal data to an ex-employee.
Possibility
to permanently delete periodic personal data (such as reported time, planned
time, absence, assigned time, hourly rate) for a person before a certain date,
defined by the organization.
Automatic
cleaning of personal data from various logs in Antura Projects (usually only
accessible to system administrators).