The General Data Protection Regulation (GDPR) is a regulation through which the European Commission intends to promote the security of data.
The GDPR will apply in full from May 25, 2018. It thereby replaces the current directive relating to privacy.
The purpose of this document is to indicate that Wings Software wants to provide assurances that our software will allow you to apply the GDPR to be applied in your daily operation with the package.
Different roles
In the context of GDPR, there are various roles and
responsibilities (Article 4 of the EU GDPR):
- Controller - "means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and the means of processing personal data".
- Processor - "means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller processes personal data"
In this context, Wings Software works as a 'processor' on behalf of your organization as the 'controller'. Wings
Software does not, however, do any substantive processing of your data.
The affected customers, suppliers and employees whose data are maintained are 'Data subjects'; hereinafter referred to
as relationship(s).
Four pillars
As you know, in Wings Software data can be entered, consulted (personal) data can be entered, consulted, modified and deleted in Wings Software. We provide the necessary tools so that you can fulfill your role as as a data controller. Thus it is possible to overview of the data held on each person, to secure secure access to the data delete personal data and migrate/export certain migrate/export.
1) Securing
Each user can secure their account in Wings Software with a personal password. This way, unauthorized persons from logging in. This is a crucial requirement for GDPR Compliance.
In addition, the package allows one to define the access rights and match them to the user profile.
2) Overview ("Right of Inspection").
A person (relation) can request access to the data you about him or her. In Wings Software it is possible to from the relative sheet of the person in question to call up an overview the person in question via the 'Print function'.
3) Deletion ('Right to be forgotten')
Since version 8.0 of Wings Software, it is possible to delete relations permanently delete relations when deleting a fiscal year
if they are no longer used in the remaining fiscal years.
The relationship cannot be deleted if there are already contracts booked on it. Among other things because of the history that must be preserved. The legal statutes of limitation apply to this applicable. In the other cases, you can simply delete the relationship at his request.
4) Data migration ("Right to data portability")
From Wings Software, certain data of an individual relationship can be exported (should that individual request that his/her data be transferred to another entity). Wings Software will ensure that the data is delivered in an industry standard format (such as in a CSV file or other depending on the situation and preferences) within one month of the request to do so.
Third Party
Wings Software will ensure that any third party that is hired in connection with the processing, fully complies with the GDPR
works.
What is not
Wings Software is never responsible for the data you place in Wings Software. We are only a processor.
Additional guarantees for Wings Online customers
If Wings Software and the database are on your own infrastructure (=purchase license + maintenance contract), then you are responsible for the security against breaches and loss of data.
If you are a Wings Online customer, we can offer you additional guarantees.
offer.
Standard measures are:
✓ Service provision under Belgian legislation.
✓ Tier 3 compliant data centers
✓ A strict policy not to take information outside the EU
✓ A security policy for employees to protect the Information Assets against theft, damage, loss, unavailability and unlawful disclosure
✓ Regular audits and an ISO 27001-certified Information Security Management System
✓ Regular testing of the Business Continuity Plan
✓ A broad set of technologies that prevent leaks, e.g.: VMware Encapsulation, secure LUNs on storage and virtual LANs (vLANs) plus VPNs to segregate data traffic
✓ The DDOS Protection service that stops suspicious traffic and alarm
✓ Optimized OS Logging
✓ Patch Management that implements the most important patches on the Windows Operating Systems
✓ 24/7 proactive monitoring of the entire server farm.
The chance of a breach occurring is small, but should it occur, our sub-processors guarantee us that we (Wings Software = Processor) will be notified immediately. notified. We will inform you as a customer (Processor) then immediately notify you so that the appropriate procedure can be followed for a report to the Privacy Commission.
Strong together
The GDPR is a new thing for all parties. We contribute where we can and where necessary we are happy to do our bit so that you as a customer can meet the obligations of the legislation. We will continue to follow up follow up the matter as far as our part is concerned and will take incorporate any changes and optimisations in subsequent updates of Wings Software.
