This new regulation came into force on May 25, 2018. It was implemented by the European Union to strengthen the protection of personal data and privacy.
As a Data Processor, RESA makes commitments and warns you, "airport", about the provisions you have to comply with as a controller.
What are the main obligations to be respected?
When using our products, you may pay close attention to:
• Implement technical and organizational measures necessary to ensure the compliance of the GDPR’s requirements,
• Ensure your use of our products remains licit, loyal and transparent,
• Gather only the necessary data,
• Determine and respect necessary retention periods, including back-ups,
• Keep a register of processing operations,
• Appoint a Data Protection Officer,
• Set up processes adapted to your data security and the processing of potential infringements,
• Carry out impact analyses for processing operations at risk.
What commitments has RESA made within the scope of its GDPR initiative?
A few months ago, we have initiated a GDPR initiative for which the implementation of a continuous improvement plan is underway.
Within this framework, we are already taking the following measures and commitments:
• A Data Protection Officer (DPO) for RESA was appointed,
• All of our engineers and consultants ratified a confidentiality and non-disclosure clause of sensitive data in their employment contract,
• We reinforced our security policy by particularly integrating the applicable elements useful for compliance of the GRPD into our traditional or hosted products,
• We have undertaken a review of our contractual elements. Clauses clarifying the parts and commitments related to the GDPR will be integrated into every new license and maintenance agreements,
• We are committed to assisting and warning you to any issues coming under the GDPR,
• We will provide a GDPR technical documentation base throughout its creation,
• You will be notified of any infringements of your data of which we will be informed,
• We will limit the processing of personal data only to documented instructions received from you and for the sole purposes of performing the services you have entrusted to us,
• We will integrate future developments within the data protection regulatory scope into our new products versions.