GDPR Compliance

Ready for May 2018

What is GDPR?

You might think GDPR is the new nickname for Nessie (you know, that monster everyone is talking about but nobody ever sees). Well, sorry to break this to you, it’s not!

The General Data Protection Regulation is the first and most advanced regulation in the European Union regarding Data Privacy. It aims at guaranteeing every citizen of the EU the right to privacy.

Does GDPR apply to you?

If your organisation is processing data involving European citizens, then yes, GDPR applies to your organisation, regardless of your location.

What GDPR means for individuals

GDPR makes the basic privacy rights for individuals official:
– consent
– access
– correction
– erasure
– data portability

What GDPR means for organisations

Based on the individual rights, organisations will have to be compliant with a number of processes:

1. Limit processing: limit the data processing to the purpose for which the data was collected.
2. Limit data collection: by minimising the data to be collected.
3. Impact assessment: conduct a prior assessment related to the storage of sensitive data.
4. Data processing assessment: set up a continuous assessment for internal data processing.
5. Data viewing: limit the visualisation of data internally to authorised staff only.
6. Record keeping: keep a record of all data processing activities.

GDPR at Optimy: 5 new tools available soon

At Optimy, we didn’t wait for the GDPR to happen.

One of our fundamentals whilst designing our solution was to take care of data privacy. Privacy by design has always been a key factor in our development, whether it be processes, databases, or server architecture.

Today, more than 230 large organisations trust us with their data related to grant / sponsorship / CSI activities.

To ensure the users of our Optimy Solution are GDPR compliant, we went even further and came up with 5 new tools, exclusive to Optimy and available now. Along with these new features, we are proud to announce that Optimy is fully compliant with GDPR, for all its users.

Field automatic tagging

Every day, 230 organisations use Optimy to manage their daily action plans. Our powerful customisation settings enable them to make our solution fit their needs.

We developed Field Automatic Tagging to ensure that Optimy users have full control over personal data. With this new feature, each organisation using Optimy is now able to tag which fields contain personal data.

Data expiration settings

As GDPR recommends minimising the collection and storage of data, we developed an extra tool to manage data expiration settings.

Depending on what is needed for storage and analysis, each organisation using Optimy can now decide the duration and expiration of the data stored in their tool.

GDPR Expired Projects List

To better control data privacy and GDPR compliance, each organisation using Optimy can now filter the projects and identify the GDPR expired ones.

The enhanced list of projects gives direct access to this list, and makes it possible for the organisation either to delete a GDPR expired project or to make its personal data anonymous.

Pseudonymisation Process

For analysis purposes and knowledge building, we know that data storage can be key for a number of organisations.

To enable both data privacy and data storage, Optimy now makes it possible to pseudonymise the data.

When an organisation chooses to go for the pseudonymisation process, Optimy will:
– compute a hash as an anonymous identifier
– look for every item of personal data stored under a profile
– replace the personal data found with the new hash
– make it impossible for a user to link the generated hashes back to the original personal data.

Pseudonymisation Data Display

Since our secure and anonymous pseudonym will be a 64-digit hash, we don’t want to scare our users away from Optimy’s back-office.
That’s why we now provide a specific data display for the generated pseudonyms. Each user with access to the back-office will only see the first 8 characters of the pseudonymised data.
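
The pseudonymisation steps and the 8-character display described above, sketched as an added example; this is not Optimy's code. Assumptions: the pseudonym is an HMAC-SHA256 of the profile id under a secret key (which yields the 64 hex digits mentioned), and the field names and sample record are hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: names of the fields tagged as personal data (hypothetical).
PERSONAL_FIELDS = {"name", "email", "phone"}


def pseudonym(profile_id: str, key: bytes) -> str:
    """64-hex-digit pseudonym: HMAC-SHA256 of the profile id under a secret key.

    The key is an assumption of this example. An unkeyed SHA-256 of a guessable
    value (an email address, say) can be recomputed by anyone who knows that
    value, which would let them link the hash back to the person.
    """
    return hmac.new(key, profile_id.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise(profile: dict, key: bytes) -> dict:
    """Return a copy of the profile with each tagged field replaced by the pseudonym."""
    token = pseudonym(str(profile["id"]), key)
    return {f: token if f in PERSONAL_FIELDS else v for f, v in profile.items()}


def display(value: str) -> str:
    """Back-office rendering: only the first 8 characters of a pseudonym."""
    return value[:8]


def ambiguous_prefixes(tokens) -> dict:
    """Map each 8-character prefix shared by several distinct pseudonyms to them.

    8 hex characters carry 32 bits, so truncated values are for display only
    and must not be used as lookup keys.
    """
    groups = defaultdict(set)
    for t in tokens:
        groups[display(t)].add(t)
    return {p: sorted(ts) for p, ts in groups.items() if len(ts) > 1}


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-production"  # constructed sample key
    profile = {"id": 1042, "name": "Ada Example", "email": "ada@example.org",
               "phone": "+32 2 000 00 00", "project": "Community garden",
               "amount": 2500}  # constructed sample record
    out = pseudonymise(profile, key)
    for field, value in out.items():
        shown = display(value) if field in PERSONAL_FIELDS else value
        print(f"{field:8} {shown}")
```

Whoever holds the key can recompute the pseudonym for a known profile id, so the key has to be stored apart from the pseudonymised data and kept out of reach of back-office users.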