Renteon is GDPR ready! Are you?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. GDPR will come into effect across the EU on May 25, 2018. VIP-DATA welcomes this regulation as an opportunity to further increase Renteon's overall security and data protection by implementing appropriate technical and organisational measures together with our customers.

What have we done?

Security

Security is the first level of protecting sensitive data. While it is always in our focus, we made several improvements, including, but not limited to:

  • Enforced strong password policy
  • Enforced Two Factor Authentication (2FA)
  • Access only over secure TLS protocol
  • Database level sensitive data encryption

Data Retention

The emphasis under the GDPR is data minimisation, both in terms of the volume of data stored on individuals and how long it is retained. Renteon requires only specific personal data depending on the context (e.g. an offer will require less data than a car rental contract). Renteon automatically records the personal data collection purpose and time depending on the context. You will set data retention policies, defining the necessary personal data processing time period for each collection purpose. With these combined, you will collect only the required personal data, and process it only as long as needed.

Right to Be Forgotten

The right to be forgotten allows individuals to request that any records held on them by an organisation are removed. We decided to implement this right by means of data anonymization. However, prior to anonymization, Renteon will check if active data retention policies allow such action.

Right of Access

The data subject shall have the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. Renteon provides an option to download the complete data collected on an individual in a single file. For this file we chose JSON, as a format that is both human and machine readable.

Consent Management

If data processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. Consent should be collected for email marketing, direct sales, etc. In Renteon, we extended the address book module with a fully customizable consent management system. You can define your own consent purposes and consent sources, and keep track of them for each individual.

Privacy

Proving, as well as controlling, who is accessing personal information, where they are accessing it, and for what purpose, is critical. For that purpose, we added new roles in Renteon, which control access, export and download of personal data. There are also new audit logs (personal data access log and user login log). Accessing customer data will record the date and user, while a mass export will also record the reason. These logs are available for browsing in Renteon's reporting module.

Data Protection Officer

We added a new role group consisting of all the roles required to give access to and support the functions of your Data Protection Officer.

3rd party data sharing

We have identified channels in Renteon which can share personal data so you can settle data breach notification and privacy practices with 3rd parties.