On 25 May 2018, the General Regulation on Personal Data Protection (GDPR) comes into force. The newest edition of WEBCON BPS 2017 R3 will offer features that will help platform users efficiently adapt to these new legal requirements.
Personal data is not only the currency, but also the fuel of the modern economy. It constitutes a huge, constantly increasing value and its method of use changes along with advancing technological development. On 25 May 2018, the most meaningful change in the approach to personal data protection in twenty years takes effect: the General Data Protection Regulation (GDPR).
The new regulations will be uniform for millions of companies that process personal data in the European Union. They will entail a number of new legal requirements, including direct corporate responsibility for data used, the obligation to inventory and document it, as well as report violations.
In practice, the changes will affect most data-related processes. This means that it is necessary to adapt processing procedures and introduce IT systems that record and control this aspect of business operations.
In order to meet the challenges that the GDPR poses to administrators in regards to personal data, the latest version of WEBCON BPS 2017 marked as R3 (release no. 3) introduced new capabilities to ensure organizations adapt to the new requirements:
- Identification of processes that are a dictionary of personal data (e.g., applicant or contact person cards, etc.), to enable:
- transparent management of access to personal data dictionaries
- efficient editing of personal data (the right to rectify data)
- removal/pseudonymization of personal data (the so-called "right to be forgotten")
- Identification of processes, as well as individual fields on forms (attributes) that store personal data, to ensure:
- the possibility of automatic pseudonymization or deletion of given personal data (the so-called "right to be forgotten"),
- the possibility of restricting the visibility of personal data, and even of selected fields, to certain individuals/groups (the so-called Privacy by Design).
- Specification of fields containing sensitive data, to allow:
- creating separate visibility rules for sensitive data (so-called Privacy by Design).
- Pseudonymization/deletion of personal data based on a dictionary from an external system, to enable:
- anonymization, or deletion of personal data based not only on a WEBCON BPS process, but also on data sources built on external systems (e.g. CRM, ERP).
We are aware of the pressure on organizations to find the fastest and most effective means of implementing changes resulting from the GDPR and their impact on IT systems, says Łukasz Wróbel, WEBCON CBDO. Even now, a few months ahead of the regulations coming into force, we updated WEBCON BPS to provide administrators of applications built using our platform the time to introduce changes and test them. Most importantly, changes introduced to the system are made available as part of the next edition of WEBCON BPS 2017, which means using these new functionalities won't require the purchase of an upgrade, adds Łukasz Wróbel.
Want to see how applying a SharePoint-based workflow solution supports compliance with the regulations regarding the GDPR?
Watch how specific features of the platform work out in a real-life use case of an employee recruitment process and consider the necessary steps to plan your process with the data protection policy in mind.
WEBCON's video "Taking GDPR preparation to the next level with WEBCON BPS" presents how WEBCON BPS tackles the challenge of labeling, tracking, managing and expanding the use of critical personal information in line with the GDPR.
On the other hand, WEBCON's webinar hosted by the ESPC "Employing SharePoint based workflows to meet the new GDPR regulations", presents the benefits of applying a SharePoint-based workflow solution to support compliance with the GDPR. Watch how to create a central personal data management hub, how to control personal data flow within the organization and how to handle the management of a ‘GDPR incident’.