Security is the first level of protecting sensitive data. While it is always in our focus, we did several improvements, including, but not limited to:
The emphasis under the GDPR is data minimisation both in terms of the volume of data stored on individuals and how long it is retained for. Renteon requires only specific personal data depending on the context (e.g. offer will require less data then car rental contract). Renteon automatically records personal data collection purpose and time depending on the context. You will set data retention policies, defining necessary personal data processing time period for each collection purpose. With these combined, you will collect only required personal data, and process it just as long as needed.
Right to be forgotten allows individuals to request that any records held on them by an organisation are removed. We decided to implement this right by means of data anonymization. However, prior to anonymization, Renteon will check if active data rentention policies allow such action.
The data subject shall have the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. Renteon provides an option to download complete collected individual data in a single file. For this file we chose JSON, as both human and machine readable format.
If data processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. Consent should be collected for email marketing, direct sales, etc. In Renteon, we extended address book module with fully customizable consent management system. You can define your own consent purposes, consent sources and keep track of them for each individual.
Proving, as well as controlling, who is accessing personal information, where they are accessing it, and for what purpose, is critical.¸For that purpose, we added new roles in Renteon, which control access, export and download of personal data. There are also new audit logs (personal data access log and user login log). Accessing customer data will record date and user, while mass export will also record reason. These logs are available for browsing in Renteon's reporting module.
We added new role group consisting of all the required roles to give access and support to functions of your Data protection officer.
We have identified channels in Renteon which can share personal data so you can settle data breach notification and privacy practices with 3rd parties.