Therefore in August 2017, we initiated an analysis together with the audit and advisory company PwC and law firm Mazanti-Andersen, Korsø Jensen, to provide an overview of what the new rules mean and what it takes to help our customers comply with the new regulation.
Below you will find answers to a number of questions about the data processing agreement, data storage and data access in relation to our customers.
Note: The EU General Data Protection Regulation covers many aspects of data, but here we focus specifically on personal data that is related to payroll and HR tasks.
1. What are the most important changes in relation to staff administration?
The new GDPR not only contains significant new requirements for documenting the processing of personal data, but it also implies an expectation of greater accountability in the handling of personal data. New documentation requirements, insight, data processing agreements and employee training are some of the main points. The company must demonstrate that it treats personal data legally and safely, including where, how and why to store personal data and who has access to them.
This calls for new internal processes at each individual company. For example, only employees with a relevant need for access to personal data should have access. And in that case, they must have individual user rights. In addition, it is important that the security is adequate.
2. Does Mark Information and our systems live up to the requirements of the new EU GDPR?
Mark Information currently lives up to the requirements of applicable privacy legislation and we are now working to implement the new GDPR at all levels, so that our systems, processes and contracts meet the new requirements.
3. Where are our customers' personal data stored?
For the vast majority of our customers, such data is stored on the customers' own servers. For customers with a hosting agreement, we and our subcontractors retain our customers’ personal data in Denmark.
4. Who has access to our customers’ personal data?
Only relevant employees at Mark Information have access to our customers’ personal data. They are well aware of the rules of how one should treat personal data and are naturally bound by a confidentiality clause. We only access data if necessary and only in connection with the agreement about support, remedial action, maintenance and update between us and the customer.
5. What changes are made as a consequence of the new GDPR?
You will find more information about the changes in ProMark on our customer portal.
6. How can I get a new data processing agreement?
The new data processing agreement can be found on our customer portal, ready to download, to be signed and returned to us. Special conditions are settled individually, so if relevant, contact us at email@example.com.
The new data processing agreement lives up to all requirements of the GDPR so you are equipped with the required documentation and can provide documentation, if necessary.
7. What should I do right now in relation to Mark Information?
In addition to the data processing agreement mentioned above, you will need to review your own processes and data in relation to your use of ProMark. You will find our guides on our customer portal.
Any other questions?
If you have any other questions to the EU General Data Protection Regulation and Mark Information, please contact us at firstname.lastname@example.org.