25 May 2018 marks the start of enforcement of the European Union’s General Data Protection Regulation. This new piece of legislation has had a great impact on anyone whose business involves handling personal data about EU residents or within the EU. Naturally, personal data is at the core of working in sales, so TestMonitor and our users have also been busy to make sure that we are compliant.
This article provides an overview of the data-related roles and responsibilities when you’ve chosen TestMonitor as your Test Management platform and will explain TestMonitor’s efforts to live up to the values and requirements of the GDPR.
Using the TestMonitor to manage your customers means that you have engaged TestMonitor as a data processor to carry out certain processing activities on your behalf.
According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article).
These three documents serve as your data processing contract, setting out the instructions that you are giving to TestMonitor with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. TestMonitor will only process your Client Data based on your instructions as the data controller.
First and foremost, we process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
Secondly, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
Thirdly, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
What are these ‘legitimate interests’ we talk about?
Hopefully this helps you to better navigate the EU’s data protection requirements. If you have any questions with regard to the above, you’re welcome to reach out to us at firstname.lastname@example.org and we’ll do our best to explain things further.
As a company with roots in Europe, TestMonitor is very much up to speed with the implications that the EU General Data Protection Regulation has for businesses.
We appreciate the privacy needs of TestMonitor users as well as their customers and, as such, have implemented — and will continue to improve — technical and organizational measures in line with the GDPR to safeguard the personal data processed by TestMonitor.
A large part of GDPR compliance is making sure that there are procedures in place that ensure that data processes are mapped and auditable. We have added elements to our application development cycle to build features in accordance with the principles of Privacy by Design. Any access to the Client Data that we process on your behalf is strictly limited. Our internal procedures and logs make sure that we meet the GDPR accountability requirements in this regard.
Data subjects’ ownership of their personal data is at the heart of the GDPR. We have created a readiness to respond to data subject requests to delete, modify, or transfer their data. This means that our Customer Support Specialists along with the Engineers that assist them in their work are well-prepared to help you in any matters involving your personal data, in addition to providing the awesome customer support experience that you are accustomed to.
All of the above is supported by extensive training efforts within the company so that the GDPR compliant processes we’ve put in place are followed. Sessions on data privacy and security are an integral part of our onboarding process and each department receives training that is tailored to their work involving personal data. We take privacy and the GDPR very seriously.