Here's a GDPR checklist for all project managers and team leaders, created by our expert on all things legal, Michal. Learn how PrivMX can help your remote team stay GDPR compliant!
On 25th May of 2018 a new legal act called the GDPR came into force. General Data Protection Regulation was adopted by the European Union and it applies to organizations all over the world if they collect or process data related to people in the EU. Consequently, if you process personal data of EU citizens (e.g. store or transfer them), you should be compliant with the GDPR.
Now, PrivMX helps you with that on many levels. The software contains a number of functions and security measures that enable proper processing of personal data.
They concern in particular:
In PrivMX, all data, including sensitive and personal data, are stored on a private Team Server and subject to end-to-end encryption. It means that if you share a file or send a message within your PrivMX workspace, it is encrypted on your device and only you, or other Users of your Team Server, may decrypt it.
Nobody else, not even our team or the employees of your selected data server - the entity providing you with PrivMX services and storage space - is able to decrypt and read your data, stored on your Team Server. This may be really helpful when it comes to choosing appropriate security measures to protect extremely sensitive data, according to the GDPR provisions. GDPR law states that encryption is one of the measures recommended to ensure that personal data are protected according to all necessary standards.
According to the GDPR, you should ensure that all persons (e.g. your employees) that process personal data under your authority, do it only to the extent which they really need to. Therefore, access to personal data must be limited and all unauthorized people should not be able to read or use these data.
As a consequence, we offer you an ability to limit users' access to data stored within a Team Server only to the people you deliberately choose. You make the decision who within your team gets access to certain information - if it’s a part of your team or just a selected member. What’s more, it is fairly easy to manage access rights to certain Sections, such as chat, files, projects or calendars.
As you may know, a lot of service providers may store personal data outside of the EU. According to GDPR rules, these entities have to ensure that additional measures are undertaken in order to protect personal data in such a third country. That may require signing an additional, special agreement or verifying if you really may use such a provider.
However, it is not the case when it comes to PrivMX services. We are a company registered within the EU, in Amsterdam, the Kingdom of the Netherlands. Our data centres are located in various countries of the EU, and you are the one who gets to choose the specific location of your data centre. Therefore, we can guarantee that your data will not leave the European Union.
GDPR states that you should prevent any unauthorized access to personal data, e.g. by people that are not acting on your behalf. One of the important aspects of data confidentiality is making sure that nobody will use your (or one of the authorized users) login and password in order to access your data. As a consequence, we offer you an ability to use two-factor authentication, using your telephone number or e-mail address.
PrivMX enables you to verify who created, deleted, modified or submitted a specific file or edited particular piece of data in a file. It is important because the GDPR states that every data controller should be able to use appropriate safety measures concerning the processing of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Therefore, any tool that helps you with checking who created, modified or deleted a file, what may be required, according to requirements specified in the GDPR.
From my experience as privacy and data security lawyer, it’s best to consider introducing GDPR compliance from the bottom up - not by rapidly shaping all your company’s policies to fit the rules, but by choosing the right teamwork tools. PrivMX introduces a structure that makes data privacy a seamless part of your daily work routine.
With data breaches on the rise, it’s best to take a holistic approach and keep all your assets - communication, information and documents - in a reliable workspace.