What is the GDPR?

The General Data Protection Regulation (GDPR) is the most significant legislative change in European data protection laws. The GDPR, which becomes enforceable on May 25, 2018, seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for all of the EU. GDPR will replace the EU Data Protection Directive (Directive 95/46/EC) as well as any and all local laws relating to it.

Who does the GDPR apply to?

The GDPR applies to all organisations operating in the EU or processing “personal data” of EU residents. It defines personal data as any information relating to an identified or identifiable natural person. It is important to know that businesses operating outside of the EU that process personal data of EU residents are also subject to the GDPR.

What do the changes mean for your business?

All organisations will need to demonstrate the security of the data they are processing and their compliance with GDPR on a continual basis. This will require you to construct, implement and regularly review your processes, technical measures and compliance policies.

Does Waymark IT have an updated privacy policy to meet GDPR requirements?

Yes – we at Waymark have a new privacy policy that applies to all companies within the Waymark group of companies. Our new privacy policy reflects the changes we have made in the operation of our business to ensure GDPR compliance.

Our Privacy Policy can be accessed here.

Where does Wayforce fit into your GDPR accountability?

Wayforce is designed to help businesses carry out work they are instructed to do by their customers. The data collected and stored to deliver those services should already be in line with your GDPR policy.

It is important to note that Wayforce is a Field Service Management product and not a GDPR compliance tool, and the use of Wayforce should be in line with your company’s own GDPR policy.

As mentioned, there are many aspects of your business outside of Wayforce where you will need to review processes to ensure they are in compliance with GDPR. It is recommended that you seek professional advice on GDPR if you are unsure of your requirements and responsibilities in relation to the law.

There are a number of areas applicable to your use of Wayforce which should be reviewed regularly as part of ensuring your compliance with your GDPR policies. We have provided a checklist below on your use of Wayforce and how it applies to GDPR compliance.

The publications on this website with regard to GDPR are only intended to provide a summary and general overview of the application of the GDPR to your business whilst using our systems. They are not intended to be comprehensive, nor do they constitute legal advice.

Basic GDPR Checklist for using Wayforce

Below we have detailed some of the basic measures you should be implementing and reviewing regularly to ensure you comply with GDPR during your use of Wayforce.

Remember – there are many other parts of the operation of your business outside of Wayforce where processes will also need to be reviewed to ensure they are in compliance with the GDPR.

As you know, every business is unique in how it operates, and therefore this information is to be used only as a quick guide with regard to your use of Wayforce.

If in doubt as to how GDPR will affect your business, we always recommend you seek professional advice from a GDPR specialist.

How do I ensure data is protected in Wayforce?

User Accounts

  1. Regularly review and audit your users' access to the Wayforce system.
  2. Ensure that unused or expired accounts have their access removed to limit the potential for unlawful access to data.

User Permissions

It is important that assigned user permissions within Wayforce are appropriately set and reviewed regularly.

Wayforce security groups are designed to restrict or limit access to various functions within Wayforce based upon a user’s role in your organisation.

Passwords

Enforce a strong password policy to protect systems and data. Ensuring these passwords are complex will add an additional level of security to your data, in line with your security processes.

We also recommend having a password policy in place to ensure users change their passwords on a regular basis; this again minimises any potential risk of data breaches.

Mobile Device Management

One of the benefits of cloud-based software like Wayforce is that it can be accessed anywhere using a mobile device. However, this raises issues with how data on the device is kept safe, particularly if staff are using their own devices.

Companies who use Wayforce mobile applications have full control over who is using it and therefore who can access personal data within it. From within Wayforce, you can control who is able to use the app and turn off access if someone leaves or if a device is lost or stolen, to prevent any data breaches.

If you operate a BYOD (Bring Your Own Device) policy, it is your responsibility to know what devices your business data is being accessed on and to ensure that these devices are secure.

GEO Information

The adoption of GDPR does not prevent you from using geo-related information around jobs and engineers' activities within the Wayforce Mobile application. However, it is recommended that you consider a company policy around this in order to comply.

Using Personal Data

If you look to export personal data from Wayforce into another 3rd party software such as a CRM, then you will also need to ensure that the usage of that 3rd party software is in line with the GDPR, and that any temporary storage of data during a transfer is handled in accordance with your own GDPR compliant data handling policy.

Need more information?

The Information Commissioner’s Office (ICO) website has an excellent range of information and a number of guides on the GDPR that may be helpful in reviewing your compliance.