ODASEVA FOR GDPR
Odaseva Data Platform: comply with personal data requirements of GDPR
GDPR – What is it?
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. The GDPR aims primarily to give control back to European citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Who is it for?
Every company (not only European ones) managing personal data of European citizens is concerned by the new regulation. The European Commission also introduces the concept of co-responsibility between the data controller (your company) and data processors (Salesforce, for instance).
When do you need to comply?
May 25, 2018! The potential fine for non-compliance would be 20M € or up to 4% of the annual worldwide revenue of your organization.
What Salesforce is Doing
Salesforce welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU and as an opportunity for Salesforce to deepen its commitment to data protection. Similar to existing legal requirements, compliance with the GDPR requires a partnership between Salesforce and customers in their use of Salesforce services. Salesforce will comply with the GDPR in the delivery of its service to its customers. Salesforce is also dedicated to helping its customers comply with the GDPR. It has closely analyzed the requirements of the GDPR and is working to make enhancements to its products, contracts, and documentation to help support Salesforce’s and customers’ compliance with the GDPR.
3 FUNDAMENTAL RIGHTS
PROPERTY | LIBERTY | SECURITY
At Odaseva, we like to think the GDPR is like the Declaration of the Rights of Man and of the Citizen of 1789, but for the digital age. This declaration outlined some of the basic human and civil rights we take for granted today. Now, the GDPR aims at doing similar things but is oriented toward our digital world. While the 1789 declaration signaled “Liberty, Equality, Fraternity”, now we could say we’ll have Property, Liberty, Security!
What Odaseva is Doing
Being compliant with the GDPR requires a global understanding of the regulation. Having the right technology is the first step, but you can’t afford to minimize the human factor and the processes within your organization. Odaseva for GDPR comes with a series of features specifically designed to address the new regulation’s recommendations and best practices within your Salesforce:
Storage Limitation & Data lifecycle
Article 5.1.e / 25: "[Personal data shall be] kept in a form which permits identification of data subjects for no longer than is necessary" "That obligation applies to [...] the period of their storage and their accessibility."
Right of access to personal data
GDPR Article 15.3: "The controller shall provide a copy of the personal data undergoing processing"
Right to be forgotten
GDPR Article 17: "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay"
Right to portability
GDPR Article 20: "The data subject shall have the right to receive the personal data concerning him or her [...] in a structured, commonly used and machine-readable format"
Pseudonymization & Anonymization
GDPR Article 25.1: "The controller shall [...] implement appropriate technical and organisational measures, such as pseudonymisation"
Data loss prevention
GDPR Article 32: "The controller and the processor shall [...] restore the availability and access to personal data in a timely manner in the event of [...] a technical incident"
Data loss detection
GDPR Article 33.1: "In the case of a personal data breach, the controller shall without undue delay [...] notify the personal data breach to the supervisory authority"