Welcome to our GDPR Trust Center.
Next, you will find a series of guides and a FAQ about GDPR in which we answer the most frequently asked questions about the processing of personal data. Finally, you will find a comprehensive guide below that explains what GDPR means to your business and how to ensure that you comply with the privacy regulation.
Our GDPR-integrated standard conditions and data processing agreement can be found on our terms & conditions page. Feel free to reach out to us if you have questions about the GDPR.
Security at webCRM (EN)
How does webCRM ensure that our mutual agreement complies with the GDPR?
In cooperation with our legal advisors, we have developed a GDPR-compliant data processor agreement. This agreement has the specific purpose of ensuring that both we and customers operate on a basis of complete GDPR compliance. You may find the data processor agreement here.
Practically speaking, how does webCRM ensure that we have the right data processor agreement between us?
webCRM is a standard software distributed to thousands of customers in many different countries. In order to ensure that all customers are provided the same rights, we have chosen to follow the industry standard and integrate the rights of the GDPR with our general, business terms & conditions. In doing so, we (like Microsoft and others) have established a "Trust Center" on our webpage, where we've gathered all the GDPR information that is relevant for you as our customer.
When does the GDPR enter into force?
The GDPR was approved and signed by the European Parliament in April 2016. The Regulation will enter into force after a two-year transition period and, unlike a Directive, the GDPR does not require approval by the national legislatures. This ensures that the GDPR will enter into force in May 2018 across the EU.
Who will be affected by the GDPR?
The GDPR does not only apply to organisations operating within the EU. Organisations outside the EU are also required to comply with the GDPR if they offer goods or services to EU citizens. It applies to all companies that process and store personal data on citizens residing in the EU, regardless of the location of the company.
What are the penalties for non-compliance?
Companies can be fined up to 4% of their annual global turnover, or € 20 million, for breaches of the GDPR – whichever amount is the greater. This is the maximum fine that can be imposed for the most serious offenses, such as where a company does not have sufficient customer consent to process data. There is a ‘layered approach’ to fines here: for example, a company may be fined 2% of its annual turnover for not having its records in order (Article 28), without informing the supervisory authority and the data subject of these omissions. It is important to note that these rules apply to both ‘data controllers’ and ‘data processors’. This means that cloud companies are not exempt from GDPR enforcement.
What defines personal data?
Any information related to an individual or ‘data subject’ which can be used to directly or indirectly identify that person. This may be anything from a name, a photo, an email address or bank details to posts on social media, medical information or a computer’s IP address.
What defines sensitive personal data?
Information on the religious, political and/or sexual preferences of a person, health-related information as well as information on race, affiliation with unions etc.
Are names sensitive personal in and of themselves?
A name is not sensitive personal data when viewed in isolation from other pieces of information. However, if a name leads to the identification of a person in a sensitive context (in combination with other data), e.g. if a person is participating in a health-related examination, then the name is considered sensitive personal data and is to be treated as such in correlation with the directives of the GDPR.
On May 25 2018, the new EU personal data act enters into force. The law, which applies across the entire EU, is officially known as the General Data Protection Regulation (GDPR).
The purpose of the new legislation is to provide EU citizens with greater control of their personal data. This is ensured through a series of legal measures which increase the demands related to the handling of personal data by companies.
We have a written a guide which helps you understand the GPDR and what you need to do in order to meet the demands of this new legislation.