GDPR Compliancy
In the EU, the new data privacy regulation is coming soon into effect. By now, General Data Protection Regulation probably does not need introduction.
Time&Space users from the EU, both from the security and HRM side, are in fact responsible as “controllers” and “processors” of personal information, and their concern is legitimate. Our technical support partners are also involved, taking the responsibility of a data “processor” whenever coming in contact with personal information (typically through SLA services).
The most common question is a simple one: “Is Time&Space compliant with GDPR?”. The simplest and straightest answer is YES. Here it is in a a form of our official statement.
GDPR STATEMENT
Hereby we declare that to the best of our knowledge Time&Space software suite complies with General Data Protection Regulation (GDPR). More precisely, Time&Space will, by its design, properly configured and used, enable its users, both data controllers and processors, to comply with the regulation.
NOTES:
The following notes can help with more particular questions.
- GDPR does not apply to users outside EU, unless they are processing personal data of persons located in the EU.
- Many GDPR requirements do not relate to any particular software feature.
- Many GDPR requirements which do relate to some particular software feature are covered by usual functions such as Delete (right to be forgotten), or Edit (right to correction). Another such example is controlled access to data which is covered by user rights.
- Right to have insight into own personal data is covered in a number of ways ranging from personal user access, to printed reports and data exports.
- The requirement for logging all personal data acces, including viewing, is covered with Application Audit Log option.
- This declaration applies to the current Time&Space software version only (version 10).
- According to GDPR, compliancy is sole responsibility of the user, either data controller or data processor. As a software manufacturer Spica is neither, and cannot accept any responsibility for eventual non-compliance.
March 19, 2018