The European Union’s General Data Protection Regulation (GDPR) is a new law ensuring data protection and privacy for all individuals within the European Union (EU). The primary objective of the GDPR is to give citizens back control of their personal data.
At Alloy Software, we are strongly committed to the privacy and security of all our customers, including those residing in the EU. This commitment translates into IT business solutions that come equipped with an array of robust measures geared towards protecting your valuable data against unauthorized access, while giving customers full control over data storage and processing.
The GDPR grants people a range of specific data rights, and complying with the GDPR means enabling the exercise of these rights. The following sections explain how our solutions address each of the GDPR data subject rights.
Helping address GDPR compliance using Alloy Software solutions
The right to be informed
Individuals have the right to be informed about the collection and use of their personal data. The data controller shall take appropriate measures to provide requested information to the data subject.
The customer registration form of the Self Service Portal can be customized to provide individuals with prompts for consent, statements and disclaimers concerning: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with.
The right of access
Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.
Administrators can provide individuals with a summary of their personal information, as well as a full list of communications with that individual, as logged in ticket activities.
The right to rectification
An individual can make a request for correction of inaccurate or incomplete personal data.
Users have access to their personal data via web portals and can make necessary corrections. Alternatively, users can request rectification of personal information by submitting a service request or help desk ticket.
The right to erasure
The GDPR introduces a right for individuals to have their personal data erased, commonly referred to as the right to be forgotten.
Our solutions support the ability to record requests for erasure in the form of service requests or help desk tickets. Such requests can be processed in a timely manner to anonymize personal data. The processing of such requests can be automated with a special workflow action. Ask our technical services team for details.
The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. Unlike erasure, restriction allows data to continue being stored without being processed.
Individual Person records can be turned Inactive to prevent further processing. Personal information remains stored.
The right to data portability
The right to data portability allows individuals to have personal data transmitted from one controller to another, where this is technically feasible.
Personal information can be exported in PDF, HTML, and XML formats and provided to the data subject on request.
The right to object
Individuals have the right to object to processing of their personal information on grounds relating to their particular situation, for purposes of direct marketing, and for purposes of research and statistics.
Workflow processes that include approvals or other decision-making steps can be altered to provide a manual decision on request.
Rights in relation to automated decision making and profiling
The GDPR prohibits purely automated decision-making that includes profiling, with limited exceptions involving explicit consent or a contract between the data subject and controller.
All decisions our solutions are involved with concern only the efficiency of timely resolution of customer issues. These decisions are based exclusively on the internal operating guidelines of the IT department and, optionally, explicit SLAs with the customer’s organization. Personal information is used only to identify end-users, and no other research, profiling, or automated decision making is ever performed.