On the 25:th of May this year a new set of rules come in affect for companies that deal with European citizens. This will give some basic rights to people and the information related to them.
This will affect all companies in EU or working against EU, so if you are an US based company but have customers inside EU you are affected by this.
- Right to know what is stored
- Right to be forgotten
- Right to correct wrongful data
- Right to portability
- Right not to be a subject to automated decision making
This will then have some effects on your company and the systems holding the information.
- Make sure you know what information you use to what and where
- Make sure that you process information on a legal ground
- Inform and get consent from users if needed
- Make sure that information is safe
- Make sure that right people have access to the information
- Make sure that you can erase information/anonymize that you don’t have rights to process anymore (Yes, backups also apply)
- Make sure that you can correct wrongful information
- Have a routine to investigate and report data breaches
- Make a list of all your data processors
How can we handle this in a Domino based system then?
Notes names and the Adminp process is a good start to comply with right to correction and right to be forgotten. But you might probably need to adjust your applications
Fulltext search and Domain search can also help you find data that you need to remove and/or correct.
If you need assistance, have questions or need help getting ahead of this feel free to contact me.
Also Follow my twitter flow for GDPR articles in Swedish and English –> GDPR News
I’ve also found a tool that can help you track changes in your Domino environment GDPR Logger
( Contact me if you find this tool interesting )
Some more info in this youtube video by Ytria