Who does the GDPR apply to?
The new regulation applies to ‘Data Controllers’ and ‘Data Processors’ of ‘personal data’ collected by organisations who are operating within the EU, or to organisations outside of the EU that offer goods or services to individuals within the EU. The GDPR 2018 will place specific legal obligations on Controllers and Processors.
Under the GDPR, a Data Controller is an individual, organisation or body of persons who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. A Data Processor, in relation to personal data, means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
As per the definitions supplied by the Information Commissioner’s Office (ICO), Eurostop’s clients are the Data Controller, and Eurostop acts as a joint Data Processor. Eurostop will only process customer data under written instruction by its Clients.
As a solution supplier, Eurostop provides a solution to securely store personal data, which can also facilitate processing of that data. Eurostop’s system solution provides facilities for clients themselves to carry out necessary tasks on the data. For example:
- Delete any personal data, as per their customer’s request
- Export personal data in a portable format, as per their customer’s request
Eurostop also provides support services to its clients; where the need arises for Eurostop to process data on behalf of the client, Eurostop will require a written instruction to proceed with processing, and will then execute that in a manner compliant with the GDPR regulations.
When does the GDPR come into effect?
The EU General Data Protection Regulation (GDPR) comes into force in the UK on the 25th May 2018.
Eurostop and its commitment to the GDPR
As your technology supplier, Eurostop has undertaken work to make alterations to its software products in order to facilitate the new business processes retailers must follow to collect, hold and process personal data under the GDPR regulation. Eurostop provides its products and services, and will only process your personal customer data on your behalf, following written instruction.
Will my version of the software be GDPR compliant?
GDPR compliant versions of e-rmis, e-pos touch and our API, e-interface, will be released in March 2018.
In order to be GDPR compliant, you will need to apply to be upgraded to the compliant versions of the software and API interface. To achieve a higher standard of compliance with the GDPR, you also need to be using Microsoft SQL Server 2016, which allows your customer data to be encrypted. Eurostop recommends that you upgrade to the GDPR compliant versions of our software; however, as a data controller, it is your decision as to whether you do so. Should you elect to continue using the non-GDPR-compliant versions of our software and a non-encrypting version of Microsoft SQL, Eurostop, as a joint data processor, would not be implicated in respect of any consequences arising from access gained to this exposed data.
Costs may apply for the change/upgrade. Please contact sales on 0208 991 2700 or firstname.lastname@example.org