GDPR compliance at Raptor Services A/S 2018-11-12T16:04:37+00:00
raptor-services-gdpr-general-data-protection-regulation

GDPR compliance at Raptor Services A/S

In the summer of 2017, Raptor Services started a process aiming to underpin compliance regarding the upcoming launch of GDPR – the 25th of May 2018. This to ensure that Raptor Services and our customers are compliant in regard to the new standards that must be met. 

What is the GDPR?

The GDPR (General Data Protection Regulation) is a new EU Regulation, which will replace the 1995 EU Data Protection Directive (DPD), in order to ensure the protection of personal data of EU citizens. The GDPR emphasizes the obligation on organizations, collecting personal data from customers. Whilst building on many of the 1995 Directive’s requirements, the GDPR really is all about ensuring the individuals’ right to privacy.

How does the GDPR affect our business?

The GDPR affects all businesses dealing with personal data. Therefore, you are probably undergoing the same process as we are. You are, presumably, already familiar with many of the ways, in which the GDPR affects your business. For your information, however, you need to be aware that you cannot collect personal data unless your customer has given a clear consent, explicitly indicating that you can collect their personal data. This becomes relevant when a given customer wants to make use of their rights. 

Moreover, when your customers are opting in for cookies it is important to be transparent with your “cookie-message.” Make sure that your customer understands how you are using their personal data. Below, we describe how cookies are being used on your website – whilst working with Raptor Services. 

When allowing us to track your customers cookieID, it enables us to create a personalized experience for a given customer on your website. More specifically, Raptor Services is tracking user behavior on your website. This tracking on your website will allow us to come up with personalized recommendations for your visitors. 

What are the consequences if we are not compliant? 

Being GDPR compliant is important for several ethical reasons. First and foremost, it concerns underpinning fundamental rights to privacy. This is an important matter, which is why Raptor Services are happy to be part of the movement, ensuring people their rights to own their data, online as well as offline. 

Moreover, the importance and consequences are underscored by the massive penalties imposed for violations, breaking the existing law regarding personal data. The fine will, naturally, depend on the type of violation. Due to the size of the fines, investing in GDPR compliance is a must for all organizations, including Raptor Services and our customers. 

raptor-services-gdpr-user-connection-network

What is Raptor Services doing to be GDPR compliant?

As a data-heavy company, working with both data mining and data processing, we at Raptor Services are greatly influenced by the GDPR.  

The increased focus on individual’s rights concerning personal data must be taken into consideration when building IT-systems. This is known as “Data protection by design and by default.” Among other requirements, this means that an individual can always demand data to be deleted or transported, allowing individuals to claim their rights to be enforced. Raptor Services comply with these requirements, enabling requests to be enforced. 

Data Protection by design and by default is:

  • Being able to transport data across different systems

  • Being able to give insights into registered and processed data

  • Being able to correct personal data

  • Underpinning the legal rights – including the right to be forgotten

Data Protection by design and by default is:

Delivering data-heavy services, Raptor Services A/S fulfill the requirements that have been set by Datatilsynet. Fulfilling these means that Raptor Services must hire a DPO. The requirements are stated below:

  • Working with processed data must be the organization’s core-competen 

  • A large amount of personal data must be processed

  • The processing activity consists of: 

    • Regular and systematical surveillance of people or 
    • Processing data containing personal information

Because of this, we have hired a DPO who will be committed to ensuring compliance with the existing law. Moreover, the DPO will have an intercessor role between Datatilsynet and Raptor Services.

Data Processing Agreement

To accommodate the requirements concerning mutual insurance with regards to GDPR we have, in collaboration with our lawyer, created a Data Processing Agreement (DPA). Thereby, we have documentation proving that our customers, when working with Raptor Services, are always meeting the requirements listed in existing law. Therefore, when working with Raptor Services, you are always GDPR-compliant.

Mapping

We have mapped our entire data flow and IT-infrastructure, both internally and externally. On this basis, we have ensured an overview of potential risks and consequences upon data-leaks. This means that plans of actions have been listed. 

E-privacy and cookiedata

We follow the upcoming process concerning: ePrivacy Directive: assessment of transposition, effectiveness, and compatibility with proposed Data Protection Regulation” closely. 

As for now, the change regarding what is known as the “cookie-law” remains unresolved. Therefore, we are currently preparing the potential compliance effort that lies ahead of us. This is done with the currently accessible information.

IT-systems integrations

The awareness about privacy is affecting online businesses across all platforms. This means that when Raptor Services integrate with other systems, further requirements are often set up, to ensure total privacyThe added requirements further complicate the processes when we are integrating our services with the systems you are using on your site. This is a continual progress and cost that we must carry when delivering superior solutions to our customers. 

Annual audit

To continually ensure compliance with existing law, we will introduce an independent annual IT audit. At the annual audit, we will walk through the documentation for IT compliance as well as the juridical communication of the existing level of compliance within Raptor Services, thereby ensuring the fulfillment of existing GDPR law.

STILL NOT SURE?

We are always happy to help, so feel free to contact us if you have any questions regarding GDPR compliance in relation to your partnership with us. 

TRUSTED BY COMPANIES SUCH AS

CONTACT US

Fill out the form and we will reach out to you shortly.

CAN’T WAIT?

FEEL FREE TO CONTACT US NOW