FAQs on the EU General Data Protection Regulation

1. What is the EU General Data Protection Regulation (GDPR)?

The EU General Data Protection Regulation, GDPR, which entered into force on 25 May 2018, enforced stricter requirements on processing personal data and introduced completely new obligations for companies. The purpose of the regulation is to strengthen the privacy and data protection of EU citizens, which is a fundamental right belonging to everyone.

A group of experts set by the Advisory Committee on Information Management in Public Administration (JUHTA) will publish pieces of video training and web tests concerning data protection and data security, which you can find at: http://tietosuoja.vahtiohje.fi/fi/#/front

For further, general information on the GDPR, please visit the website of the Data Protection Ombudsman.

2. How the GDPR was taken into account at Finago?

An Accountor Group-level project was launched in 2016 to respond to the requirements stipulated by the General Data Protection Regulation in our day-to-day operations. We designated a data protection officer as well as persons, from each unit and company, responsible for data protection matters within their respective organization. The project included different work stages, such as documentation, training as well as process and system changes.

For our customers, we offer a myGDPR tool, which helps to ensure that the organization is GDPR-ready.

3. What impact the GDPR had in practice?

We updated our general terms of agreement and instructions related to those since the GDPR sets out requirements for managing subcontractors.

We described the implementation of data protection requirements in our Privacy Policy and Notices as well as in the instructions of our products. This way, we ensured that transparent information on the processing of personal data is always available for both our corporate and private customers. Our objective was, for instance, to identify systems that required data portability functions and information systems that required higher protection level.

At the group level, we assessed the data protection impact in relation to the systems we use and in our product development activities. We described and analyzed
risks related to the processing of personal data in order to ensure the compliance with the regulatory requirements.

Providing personnel with data protection training was an essential part of the project.

At Accountor Group, we will closely monitor any amendments made to data protection laws, such as the modernization of the EU Directive on privacy and electronic communications and authorities’ interpretations and statements on the GDPR.

All actions required for the fulfillment of the GDPR requirements related to systems, processes and instructions were implemented before the GDPR entered into force.

4. Other publications related to the GDPR

A set of informational and instructional documents about GDPR, the GDPR file vault view, has been added to Procountor including descriptions on personal data processing activities and other documents related to the GDPR which you may download for your own use. The GDPR file vault is available from the Basics menu.

As for Tikon, the same data protection material are available in customer pages with the name ”GDPR – tiedostopankki”.

Questions about the GDPR

If you have any questions concerning data protection, please contact us at [email protected]. Our Data Protection Manager is Tiina Rantala.