European basic requirements for personal data protection
The General Data Protection Regulation (GDPR) is an European legal framework that came into effect on the 25th of May 2018.
The GDPR’s focus is the protection, collection and management of personal data, (i.e. data about individuals) and it applies to all companies and organizations in the EU who hold or otherwise process personal data (including sole traders) of people in EU Member States. GDPR even applies to companies outside the EU that offer goods or services to the individuals in the EU or who monitor their behavior there.
| Requirements | Sage XRT Treasury | Sage XRT Advanced | Sage XRT Common Services | Sage XRT Business Exchange |
|---|---|---|---|---|
|
Ensuring appropriate security The company must install appropriate technical and organizational safeguards that ensure the security of the personal data such as the securing of work stations and storage spaces, as well as confidentiality policies and clauses. |
||||
| Stronger Passwords and Protection of certain stored or exchanged data |
|
|
|
|
|
Managing individuals rights: data portability, right of erasure, right of objection to the processing/consent, right of rectification, etc. the Company must provide functions to correct and import/export personal data, as well as functions to select the individuals subject to processing of their data. |
||||
| Modification/Deletion functions available in every product, according to the user rights |
|
|
|
|
|
Helping demonstrate compliance The company must keep records of all the documents that demonstrate the actions set up to comply with the general data protection regulation - they could be presented in case of inspection, such as: documents describing the technical and organizational safeguards that it has installed to ensure the security of personal data use, the processing registry. |
||||
| Sage makes available records of all personal data and associated processing activities. |
|
|
|
|
