HOW SEAPLANNER HELPS YOU COMPLY WITH GDPR
We implement a number of features and processes within our software to help our clients remain GDPR compliant and follow data protection best practices.
SeaPlanner provides a number of tools to help comply with the new standards and give confidence to our clients in the security of their data held within the system.
Controllers determine why and how personal data is processed. We provide our clients with the tools and best practice guidelines to help them, as data controllers, stay compliant with data protection regulations.
SeaPlanner clients are Data Controllers, under provisions of GDPR.
SeaPlanner and Data Security
Data security processes that are central to our software include:
- Our servers are held in ISO27001 data centres to ensure optimal security
- We use permission level access to ensure users can only see data that is appropriate to their role
- Our solutions are accessed via 256 bit encrypted URLS that are salted with 6 or 7 sources unique to each client, giving each customer their own customised security
Protecting the Rights of your Database
SeaPlanner ensures you are protecting the rights of your database by implementing the following processes:
We have built our system to only collect the data our customers need.
We collect personal items such as Next of Kin data, phone numbers and medical details because they are essential to support operations. It is in the best interest of your personnel to know that, should they suffer a medical emergency, project coordinators will have the information necessary to provide immediate and effective support.
We don’t hold data longer than we need to.
At the end of each project we have detailed discussions with our clients regarding the personal data held on our files and give them clear options as to what they need to do next.
Help make Data Subject Access Requests (SAR) easier to manage.
SARs can be burdensome to complete. If a person requests all information that you hold on them + what you have used it for, it can be quite challenging to fulfil. We have built a SAR module into SeaRoc for you to be able to recall this data with just a few clicks.
The “Right to be forgotten”.
It is not sufficient to simply delete personal data from the system on receipt of a user request. Doing that would, in some instances, create both logistical and contractual issues for our clients. It is critical, for example, for clients to understand at the status of a site on a certain date should there be an event that leads to liquidated damages. In the case of an offshore windfarm, for example, the failure of an individual to transfer and complete a piece of work on a set date could have financial implications. It is not, however, necessary for SeaPlanner to maintain those personal details. We would only need to be able to provide sufficient information for the Contractor to be able to identify the right team member and they would be legally empowered to maintain that information. The lesson here is that the implications of GDPR are not simple and it is essential that providers think through how they respond to requests under the legislation and the implications of their actions.
SeaPlanner includes an option to anonymise an individual. The anonymisation process removes Personal Identifiable Information (PII) from client data on request, thereby allowing clients to analyse historic data without infringing the data subject’s rights.
Evidence that the work has been done.
Administrators need to receive a clear, unambiguous record to confirm that the team member’s request has been actioned. That will ensure that they can evidence that they are meeting GDPR standards even when the action has been taken by a third party supplier.
At SeaRoc Group we have an internal Data Protection Officer who is responsible for continuing to monitor and analyse our solutions and processes, ensuring complete compliance for the company and our clients.
If you have any questions or concerns regarding the processing of personal data using our software or wish to exercise your rights under applicable law, you can contact our Data Protection Officer on email firstname.lastname@example.org