GDPR Compliance
How Synel UK products and services comply with the General Data Protection Regulation, and how we help your organisation stay compliant.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive EU regulation (Regulation (EU) 2016/679) designed to strengthen and unify data protection for all individuals within the EU. Its intent is to ensure that organisations include privacy in their security strategies and are more accountable to their customers.
Synel can help you meet your GDPR data obligations — from document storage and consent management to complete "right to be forgotten" handling and SAR (Subject Access Request) data extraction.
How Synel supports GDPR compliance
- Ability to store documents including agreements and consent details
- Complete management of "Right to be forgotten", including backups
- GDPR-compliant reporting
- Ability to extract all data for a SAR request
- Highly secure and penetration-tested cloud solution
Key features of GDPR compliance
Individual's consent
The GDPR strengthens consent requirements. It is now up to companies that deal with data to demonstrate that they have collected the consent of each individual before any use of their personal data.
Designed privacy
Privacy considerations must be built in everywhere. Only data strictly required for a stipulated purpose can be used. This means focusing on data privacy as a real responsibility and designing processes correctly from the beginning.
Data portability
Individuals have the right to move, copy or transfer personal data, even to a competitor. This measure aims to put power back into people's hands concerning the treatment of their personal data.
Fines and penalties
The UK Government and the Information Commissioner's Office (ICO) can impose fines and penalties on companies that infringe the GDPR. According to recent research, cyber-attacks can cost businesses from $14.00 to $2.35 million per incident.
Use of a Data Protection Officer
The Data Protection Officer can be an employee or a service contact who informs and advises on the implementation of a general policy of governance for data. They will be able to secure and protect personal information owned by the company.
Accountability
Accountability is defined by the ICO as the obligation for companies to implement internal mechanisms and procedures to demonstrate compliance with data protection rules. This includes training of employees, security reports and tests.
Certification and security
GDPR imposes a global security obligation on companies and their consultants. Certifications and labels are a major advantage and mark of trust. The designed privacy of a service may be, for example, the subject of a certificate.
Data transfer
This law covers EU businesses, plus those who process data for them, even outside the EU. Every data transfer out of the EU is normally forbidden, though exceptions exist for certain kinds of transfers. Special contracts with non-EU countries can be verified by EU authorities to allow those transfers.
Data breach reporting
In case of a sudden data breach, data controllers must inform local supervisory authorities (such as the ICO in the UK) within 72 hours of becoming aware. In serious breaches, individuals must be informed too.
Synel UK compliance of solutions and services
When you work with Synel UK, you can be sure that all 2018 and above released versions of Synel UK products and services are GDPR-compliant. With Synel Software Solutions, you can be confident that you meet all the latest GDPR regulations.
For more information, please contact us at sales@syneluk.com or book a consultation online.