GDPR (General Data Protection Regulation)

This new regulation came into force on May 25, 2018. It was implemented by the European Union to strengthen the protection of personal data and privacy.

As a Data Processor, RESA makes commitments and warns you, "airport", about the provisions you have to comply with as a controller.

What are the main obligations to be respected?

When using our products, you may pay close attention to:
• Implement technical and organizational measures necessary to ensure the compliance of the GDPR’s requirements,
• Ensure your use of our products remains licit, loyal and transparent,
• Gather only the necessary data,
• Determine and respect necessary retention periods, including back-ups,
• Keep a register of processing operations,
• Appoint a Data Protection Officer,
• Set up processes adapted to your data security and the processing of potential infringements,
• Carry out impact analyses for processing operations at risk.

What commitments has RESA made within the scope of its GDPR initiative?

A few months ago, we have initiated a GDPR initiative for which the implementation of a continuous improvement plan is underway.

Within this framework, we are already taking the following measures and commitments:

• A Data Protection Officer (DPO) for RESA was appointed,
• All of our engineers and consultants ratified a confidentiality and non-disclosure clause of sensitive data in their employment contract,
• We reinforced our security policy by particularly integrating the applicable elements useful for compliance of the GRPD into our traditional or hosted products,
• We have undertaken a review of our contractual elements. Clauses clarifying the parts and commitments related to the GDPR will be integrated into every new license and maintenance agreements,
• We are committed to assisting and warning you to any issues coming under the GDPR,
• We will provide a GDPR technical documentation base throughout its creation,
• You will be notified of any infringements of your data of which we will be informed,
• We will limit the processing of personal data only to documented instructions received from you and for the sole purposes of performing the services you have entrusted to us,
• We will integrate future developments within the data protection regulatory scope into our new products versions.