Overview
The EU General Data Protection Regulation replaces the Data Protection Directive and will apply to all member states without requiring changes to national legislation. The new regulation is intended to harmonize data protection rules across EU member states and improve data protection for EU citizens. GDPR also encompasses the processing of data held on EU residents by companies outside of the European Union.
...
All companies with EU operations who employ more than 250 employees will be subject to GDPR, which takes effect on May 25, 2018. The Regulation acknowledges that many SMEs pose a smaller risk to the privacy of data subjects than larger organizations. For example, Article 30 of the Regulation states that organizations with fewer than 250 employees are not required to maintain a record of processing activities under their responsibility, unless “the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data […] or personal data relating to criminal convictions and offences”.
...
The EngageIP interface does provide facilities for entering notes and free text. These include description fields when configuring services, comments in tickets, notes, etc. The onus rests on the end user of the system to ensure that PII data is not entered in these fields. PII data should only be entered in fields designed for that purpose, including:
Full name (Contact.Name)
Home address (ContactPoint.Value)
Email address (if private from an association/club membership, etc.) (ContactPoint.Value)
Telephone number (ContactPoint.Value)
Login name, screen name, nickname, or handle (User.Name)
First or last name, if common (Contact.Name)
Country, state, postcode or city of residence (ContactPoint.Value)
AccountID (User.Account)
Workplace (Contact.Company, Contact.Title)
...