2018-08-14

Information about the GDPR

What is GDPR?

The General Data Protection Regulation, GDPR, replaces the old Personal Data Act (PUL). The aim of the GDPR is to strengthen the rights of individuals with regard to their personal privacy. Individuals will be able to have access to how information is used and also request companies to delete, transfer or disclose information. For a company, the regulation governs all processing operations such as the collection, transmission and use of personal data of EU citizens. Companies outside the EU that process personal data of EU citizens are also covered by the legislation.

Egreement and GDPR

Egreement is compliant with the GDPR since the 25th of May 2018. We also help you as a customer to comply with the GDPR within the scope of the service. As a customer of Egreement, you can customise the service according to your needs. Below you will find a general description of how Egreement's service supports the GDPR and how Egreement processes personal data on behalf of our customers.

Egreement helps you as a customer to comply with the GDPR

Egreement's service is built on the principles of "Privacy by design" and "Privacy by default" under the GDPR. This means, among other things, that Egreement's service:

  • Ensures that you as a customer can comply with the basic principles under the GDPR. This includes, among other things, that within the service you can comply with data minimisation, storage minimisation and purpose limitation requirements. You decide which personal data to record about who has entered into a contract. In addition, you can decide in advance when the contract will be deleted or choose to delete it manually after a certain period of time.
  • Ensures access control - i.e. you as the customer can control who has access to what data. You can create and delete users yourself and also choose who has access to the contracts and when the contracts should be shared with multiple people.
  • Ensures that you as a customer can meet the data subject's rights, such as the right to rectification, erasure, restriction and deletion of data in accordance with the requirements of the GDPR. You can manage this yourself within the framework of the service by correcting, deleting and restricting their personal data. You can search for personal data yourself and thus find out which personal data is being processed. The Egreement service also supports the right to data portability.
  • Ensures that you as a customer can search for personal data and then create a record extract.
  • Ensures that you as a customer are able to comply with your obligation to notify in the event of a personal data incident. Egreement has processes in place to notify you, as the controller, of a personal data incident without undue delay from the time Egreement becomes aware that it has occurred.

Level of security

Egreement ensures that the system has a level of security appropriate to the risk in accordance with the requirements of the GDPR. This includes:

  • Pseudonymisation of personal data.
  • The ability to continuously ensure the confidentiality, integrity, availability and resilience of the processing systems and services.
  • The ability to restore the availability and accessibility of personal data in a timely manner in the event of a physical or technical incident.
  • a procedure for regularly testing, examining and evaluating the effectiveness of the technical and organisational measures to ensure the security of the processing.

Personal data processor agreement

Egreement only processes personal data on behalf of our customers (the controller). This means that Egreement is the processor of the personal data processed within the service. Therefore, in order to comply with the requirements of the GDPR, Egreement has developed a Data Processor Agreement with standard instructions that can be concluded between Egreement and you as a customer.

Other actions related to you as a customer

Egreement keeps a record of all categories of processing carried out on behalf of our customers. Egreement has also taken appropriate organisational measures to ensure that a high and appropriate level of organisational security is maintained. All staff and, where applicable, consultants have signed confidentiality agreements and have been briefed on how to store login details securely to ensure that no unauthorised person is given access to personal data.

Egreement only stores personal data within the EU/EEA. When engaging subcontractors, Egreement ensures that proper subcontracting agreements are entered into and that the subcontractors comply with the instructions you as a customer have regarding the processing of personal data. Our customers are also provided with the necessary transparency to ensure that personal data is processed correctly.

In other respects, Egreement also assists you as a customer to ensure - in accordance with what is required of Egreement as a data processor under the GDPR - that you can meet the relevant requirements placed on you, e.g. assisting with risk and vulnerability analysis.
Egreement has also adopted an internal personal data policy that regulates how personal data may be handled and provides its employees with the necessary training and knowledge.

More information about how Egreement processes personal data on behalf of our customers can be found here.