GDPR and Plus Workflow
On May 25, the Regulation of the European Parliament and the EU Council on the protection of individuals with regard to the processing of personal data, GDPR, will become applicable. This regulation aims to ensure the security of processing and access to personal data. It is an extremely challenging task for companies processing that kind of information, as even an email address containing a surname is treated as personal data. Non-compliance with those rules may result in high fines imposed on enterprises.
The entities processing personal data are required to appoint a Data Protection Officer (DPO). In particular, this applies to public entities processing data on a large scale, especially sensitive data and data on convictions and infringements. The DPO’s obligations include, among others, informing the entity processing the data about the obligations related to their protection, monitoring its compliance with the provisions of the GDPR and cooperating with supervisory authorities. The Plus Workflow supports the DPO in ensuring the security of data processing and makes it possible to guarantee the implementation of the rights of individuals under the EU regulation, such as: the right to be informed, the right of access, the right to rectification, the right to erasure/to be forgotten, the right to restrict processing, the right to data portability, the right to object, and rights in relation to automated decision making and profiling.
The right to be informed, the right of access and the right to data portability are realized by providing access to a database of business processes implemented in the Plus Workflow, as well as to the archived electronic documents in which the data is contained. The administrator may search for data collected during the implementation of processes and make it available to the person requesting such information.
The right to erasure/to be forgotten, the right to restrict processing and the right to object are associated with the deletion of data by the administrator, temporarily or permanently. The Plus Workflow allows clearing the parameters with personal data in such a way that the entire document or process is not lost; only the previously defined indexes are cleared.
The Plus Workflow guarantees the realization of the mentioned rights of individuals under the GDPR. Respecting the above-mentioned rights is a considerable challenge for system administrators. That is why IT systems should support the work of the DPO and administrators through built-in functionalities for indicating personal data and exporting it, e.g. to an XML file. Moreover, they should ensure fast access to documents and processes, and secure deletion of data from computers, servers, and clouds. It should also be noted that all actions performed on data need to be accountable, and therefore it should be possible to identify the person who performed any action on it. The Plus Workflow saves every data modification, which makes it easy to identify the person who introduced given changes. The Plus Workflow is designed to assist system administrators in ensuring employee data security in the best possible way.