On May 25, the GDPR (General Data Protection Regulation) came into force. As a SaaS software supplier, we treat security and privacy as our top priority. We have taken various actions to ensure that TPSC is GDPR compliant: we have processing agreements in place with customers and suppliers, we have sent an opt-in campaign to our entire marketing database and we have rewritten our privacy statement. In a previous article, you can read more about these actions.
But the security and privacy of our customers, their patients/clients and employees are also important to us!
With regard to the GDPR and using TPSC Cloud™, we (The Patient Safety Company) are the ‘processor’ and our customers are the ‘controllers’ of the data. The GDPR comes with new obligations and responsibilities for both roles:
- Transparency. The person whose data is being processed has given permission for this and knows which data, how and for what reason it is collected.
- View, modify and delete data. The organization must be able to provide insight into the data that is collected and - on request - data can be adjusted or deleted.
- Reporting data breaches. The organization is obliged to report data breaches internally. If a data breach poses a threat to the security and privacy of the person concerned, the breach must be reported to the national data protection authority within 72 hours.
TPSC Cloud™ is known for its user-friendliness. With regard to the GDPR, too, we want to support our customers as much as possible. Below you can read how our software supports our customers in being GDPR compliant.
Use of data
The use of personal data must be consistent with the purpose for which the data is collected. TPSC Cloud™ includes advanced user management. You can assign permissions or access rights at different levels (users, groups, departments, etc.). In this way, personal data is only available to persons who actually need it.
As an organization, you must be able to export personal data so that it can be reused in a different situation. TPSC Cloud™ supports this through its export functionality. Reports, overviews and (elements of) files can be exported as PDF, XLS or CSV.
View and change personal data
By using the built-in reporting functionality you can create an overview of the data collected about a specific person.
Delete personal data
TPSC Cloud™ supports the right to delete personal data in various ways:
- Block data – Data that is no longer used can be blocked. In this way, you can prevent the use (or misuse) of data.
- Delete data – Data in a file can be automatically anonymized. You can decide at what point this must be done, using the workflow builder. Note: this action is irreversible!
- Delete file items – Every file has an audit trail. This can be used to prove/show that the data has been deleted.
Check if your TPSC Cloud™ applications are GDPR-proof!
The far-reaching flexibility is one of the unique features of our quality & risk management platform. Applications are configured based on the needs and desires of the customer. However, this also means that the customer decides if and which personal data is collected.
Are you using one or more TPSC Cloud™ applications and do you want to know which personal data is collected, for which purpose and who has access to it? Contact your TPSC Consultant to perform a GDPR-check!
Do you have questions or do you want more information about how TPSC Cloud™ supports your organization in being GDPR compliant? Please do not hesitate to contact us!