GDPR compliant

The General Data Protection Regulation (GDPR – EU Regulation 2016/679), effective as of May 25, 2018, has introduced several important innovations regarding the processing, protection and circulation of personal data: the areas of application are many and involve every company, organization and entity that collects and processes personal data of individuals residing in the EU.

The European Commission defines personal data as “any information relating to an individual, whether private, professional or public. The following data are considered personal data: names, photos, email addresses, bank details, actions on social networking websites, medical information or computer IP addresses.”

Globe & GDPR

Globe will make your company GDPR compliant in two main areas:

Globe protects personal data, in accordance with the provisions of the regulation

Globe allows to manage all processes related to data processing, in compliance with what is defined in the record of processing activities

How to protect personal data with Globe

Document software Globe protects the personal data stored in the software in many ways:

Full configurability of user authorizations to define what documents and information are accessible

Document access logs

Document viewing, sharing and editing logs

Management of password expiration for the web

Access via Single Sign On and Active Directory

Encrypted passwords and databases

How to manage processes related to the processing of data through Globe

Globe relies on the powerful integrated workflow engine to streamline and automate the processes related to data processing, thereby facilitating compliance with the European regulation on the processing of personal data.

With Globe, you can:

Set up automatic workflows for exchanging and processing documents and information, thus ensuring that each document follows a precise, predefined and traceable path, and that only the appointed users are involved at the right time

Manage the expiration of documents by setting reminders, notifications and automatic workflows (e.g. deleting documents on the expiration date set in the record of processing activities)

Automatically group in dossiers (equivalent to traditional paper folders) the documents for each user: this way, it becomes easier to delete (right to be forgotten) or access personal data

Automatically block users that do not access the system for a certain number of days

Set automatic workflows, checklists and dashboards for procedures that involve personal data: for example, when hiring new staff, workflows can be set up to create records with the data and the documents required for the hiring process, to set deadlines, and to define checklists of actions to be performed and confirmed (generation of user, delivery of keycards, access credentials, etc.), in full compliance with current regulations. Furthermore, it is possible to define a checklist of actions to be carried out when a person leaves (e.g. workflow for deleting personal data and documents, revocation of access credentials, deletion of personal accounts, etc.)

Automatically generate, fill out and send privacy-related documents (e.g. employee, supplier, client policies) based on predefined templates, also allowing to record the consent provided.

GDPR: new features and opportunities

The GDPR provides for:

Information on data processing to be provided before collecting the personal data. This document specifies what kind of data are collected, how and why they will be used, for how long they will be stored and whether they are going to be transferred to other Countries

Collection of explicit and specific consent to data processing

Accountability of the data controller, who has great decision-making autonomy regarding the measures to be taken to adequately comply with the GDPR regulations, but takes full responsibility for the procedures and tools they choose to implement

Privacy by design and by default: each business must ensure that data protection is integral part of every company process development plan for products and services, and that privacy settings are set on most secure level by default

Each Data Subject has the right to demand that their data are deleted (right to be forgotten) and to receive the previously provided personal data in order to be able to transfer them to another data controller

Upkeeping of a register of processing activities containing, among other information, the data of the Data Controller and DPO (Data Protection Officer), the purposes of the processing, a description of the categories of data subjects and personal data, the categories of recipients to whom the personal data will be disclosed, the terms of deletion for the categories of data, and a description of the technical and organizational security measures put into service for data protection

Mandatory notification within 72 hours in the event of a major data breach

Although adapting to this new regulation may be seen as a costly and complicated operation, if the company has always followed the previous regulations (e.g. Italian Leg. D. 196/03), complying with current regulations should not pose any problems.

The GDPR should be seen by companies as an opportunity to make their businesses and businesses processes secure, digitized and optimized by investing in digital solutions that not only ensure security, but also full automation and control over documents and processes.

By implementing Globe, it is possible to manage all the procedures related to documents containing personal data in an easy, safe and intuitive way.