How to Meet GDPR Requirements

Effective protection of personal data in ABRA Gen will not only meet GDPR requirements – it offers advanced tools to precisely determine who has access to the selected data and how he / she handles them.

ABRA je GDPR ready

Menu

Does your Information System Protect Personal Data in Accordance with GDPR?

If it does, it can:
  • handle the GDPR issues across the entire company – it will not add more work to you, but it will make it easier
  • distinguish and protect personal data, even by pseudonymization
  • control who accesses the data and how he / she handles them
  • generate the necessary extracts, archive the requests of the persons and, if necessary, enable complete deletion of the data
  • monitor and archive all data handling, including their display, and find out what happened with the data anytime
  • take into account the granted consents and handling of information on the basis of contracts or law
  • protect personal data across different processes, whether it’s wages, finance, marketing or CRM
ABRA Gen information system protects personal data according to GDPR.So ABRA Software provides an effective tool which will help you handle personal data in accordance with GDPR.

Advanced protection of personal and sensitive data in the ABRA Gen system:

ABRA je GDPR ready

New generic system for protecting personal and sensitive data beyond GDPR needs
ABRA je GDPR ready

Tools allowing protection of any item of any object class in ABRA Gen, including user-defined ones
ABRA je GDPR ready

Tools for making excerpt, export, or deletion of the data and overview of the requests for these tasks, including the slutions
ABRA je GDPR ready

Encrypted communication between the client and the application server (https)
ABRA je GDPR ready

New Definition of Data Protection agenda, protected by adjustable access rights and related Permission to Data Processing for Personal Data agenda
ABRA je GDPR ready

Different level of user privileges granting access only to authorized users and only for the period for which the consent was granted or for which there was a legal reason
ABRA je GDPR ready

Logging of data processing – including their viewing / displaying
ABRA je GDPR ready

In the basic version, system items in the company and person directories are protected.
Effective protection of personal data in the ABRA Gen system will not only meet GDPR requirements – it offers advanced tools to precisely determine who has access to the selected data and how he /she handles them. Read the details on data protection and GDPR in the ABRA Gen system..

Web Service for Collecting Consents to the Processing of Personal Data in Accordance with GDPR

Together with the new data protection in ABRA Gen, we are launching an additional web service that will enable you to effectively collect the consents to the personal data processing from individuals, e.g. for business and marketing purposes. The service allows you to send selected persons from the ABRA Gen directory and, after confirming their consent, automatically create a processing permission in the appropriate agenda.

Key Characteristics:

  • A well-arranged web interface with space for your unique text of the consent available to users from anywhere from the browser.
  • Sending of an email to selected people with the request for consent.
  • Direct link to ABRA Gen and automatic authorization of personal data processing.
  • Secured web application communication with ABRA Gen via API.
  • Possibilityto send an email notification with the expiration of the consent and the renewal request.

Are you interested in the web service? Please contact our sales department.

I am interested in the web service

  • Thanks to our webinars and expert workshops, ABRA Gen users can get a close look at how the new data protection works in the system and how to set it up properly to work in compliance with GDPR. Choose from May dates .

  • Interesting infographics, which shows what GDPR is all about.

  • 18. 12. 2017 At the beginning of December, ABRA Software organized a hands-on workshop on GDPR in the modern CIIRC classroom. There was almost a hundred listeners who could not attend the original workshop at ABRA Innovation Day 2017. Watch a video of the whole workshop .
  • For the successful transition to the new level of data protection under GDPR, it is necessary to analyze all corporate processes that process personal data. We have prepared an interactive form, that will help you with analysis.

  • Introducing a new level of data protection in ABRA Gen at the ABRA Innovation Day conference. Download the presentations: GDPR: personal data protection, Workshop: Data protection (GDPR)

  • The basic way to solve GDPR in the ABRA Gen has been defined. The ABRA Gen system will operate in full compliance with GDPR.

We reply to your questions.

When I have a GDPR-compliant information system, does that mean I do not have to deal with anything else?

This is not the case, a properly functioning information system is just one of many points that needs to be addressed before the European regulation comes into force. It is necessary to get the necessary conesnts, adjust the contracts, internal guidelines, train the employees, and set up the used information system properly with regard to the specific processes in the company. All the steps you need to manage GDPR succesully are summed up for you on our site.

Can ABRA Gen automatically recognize what data to protect and how?

No, like any information system, ABRA Gen needs to be set up and used correctly – if, for example, if there is a personal number in an item that is not intended for processing of personal numbers (eg in the IČ item) or the consent is not processed, data protection will not be guaranteed. In the beginning, it is necessary to analyze the processes in which personal data are processed and, in due course, to adjust everything that needs to be adjusted. Then the system offers a high level of security.

Do I need a consent to process any personal data? What about contracts or legal requirements?

It will not be possible to process personal data without a legal reason. Consent is one of them. Other reasons may include, for example, contract or legal requirements (for example, archiving of contracts, statutory guarantees, etc.). In the ABRA Gen system, it will be possible to record the legal basis on which the data can be handled, whether, for what purpose and for how long consent has been given, or by what legal period it is possible or necessary to delete the data. For specific settings and data handling, it is advisable to first analyze all types of data and consult the optimal course of action with a legal counsel.

Will the fields defined as personal data be automatically protected?

Defined patterns will be created that users will be able to use to work with personal information or use them for custom settings. However, it will be necessary to set the data to be protected from the outset, to determine the level of entitlement for different persons (eg other data will be seen by the salary accountants, another by the owner of the company) and to consider in advance any necessary modifications of the system according to their specific needs. For this purpose, it is best to first analyze all business processes that deal with personal data. In the basic version of ABRA Gen, the specified protection group items will be available for free, more advanced security can be addressed within an extended version of the system or customized.

Which parts of the ABRA Gen system will allow data protection according to GDPR?

Data protection will be organically growing through the whole ABRA Gen system, it can be set to all defined fields with personal data and will work the same way in the cloud or through the API.

Are you starting with GDPR? Do not forget anything important and create an action plan.

Even the best software does not prepare your company for GDPR by itself. Every businessman has to analyze and, if necessary, change corporate processes that work with personal information.

What needs to be done?

Note: Check the steps you need to take, choose the date by when they need to be done, and save the event to your calendar.

  • Perform process analysis using FREE form.
  • Start obtaining GDPR consents (ABRA Gen can save consents from the current version)
  • Consult with a legal adviser (adjusting contracts with customers, suppliers, employees, adapting internal guidelines, etc.)
  • Changing business processes based on analysis and consultation.
  • Collect all personal data carriers and schedule their destruction, archiving, or overwriting.
  • Revise technology and information systems – Schedule the implementation of changes (replacement of used SW, linking of individual systems and their correct setting).
  • Make the necessary changes to data security, including IT systems alterations, or select a GDPR-compliant system. 497/5000
  • Employee training, including training for the proper use of information systems. Set up data security against leakage and ensure all necessary records.
  • Other steps according to business conditions (e.g., assigning the DPO position).
  • You can also use our PDF form , where you can write important terms and notes.

    Stáhněte si interaktivní formulář Analýza zpracování osobních údajů pro potřeby GDPR (CZ)

    Any changes to business processes should be consulted with a legal counselor .

GDPR in Details

What is GDPR

Basic GDPR terms

What are personal information?

Any information about an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is a natural person that can be identified directly or indirectly, in particular by reference to a particular identifier such as name, identification number, location data, network identifier or one or more specific physical, physiological, genetic, psychological, economic, the social identity of this individual.

DPO

The GDPR regulation creates an entirely new position- the Data Protection Officer, whose establishment will be mandatory for some subjects. The main task of the DPO will be to monitor the compliance of the processing of personal data with the obligations arising from the regulation. The DPO carries out internal audits, staff training, and overall internal data protection agenda management.

DPIA
A Data Protection Impact Assessment is an expert judgment that must be made by an administrator if it is likely that a certain kind of processing, especially when using new technologies, taking into account the nature, scope, context and purpose of the processing, will be high risk to the rights and freedoms of individuals.

Data subject
The physical person to whom the personal data relate.

Privacy Manager
Any company, office, or institution that collects, processes and stores personal or sensitive data during its activity.

Personal Data Processor
Any natural or legal person or other entity processing personal data. The processor is anyone who has access to personal data.

Do you have more questions about GDPR?

I am interested in a presentation [post_title] EN