Are there any specific rules businesses should be following in order to ensure compliance?
Article 5 of the EU GDPR states that personal data must be:
• Processed lawfully, fairly and in a transparent manner
• Collected only for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary
• Accurate and kept up to date
• Kept for no longer than is necessary
• Processed in a manner that ensures appropriate security of the personal data
The GDPR has introduced a tiered approach to fines, meaning that the severity of the breach determines the fine imposed.
The maximum fine a company can face is 4% of its annual global turnover, or €20 million, whichever is higher.
Less serious violations, such as keeping improper records or failing to notify of a breach, can attract a maximum fine of 2% of annual global turnover, or €10 million.
There are 8 fundamental rights of individuals under GDPR. These are:
Yorze complies with the GDPR; this guide is intended to help our customers understand the work we have done to make sure they stay safe with Yorze.
At Yorze, all employees have been trained on the GDPR principles. New joiners, employees, consultants or freelancers joining forces with us are also strongly advised, if not required, to complete this training.
In accordance with the Information Commissioner’s Office (ICO), we designated and officially registered a DPO (Data Protection Officer).
This is also mentioned in our DPA (Data Privacy Agreement), which each of our clients is invited to sign.
Our DPO is responsible for the following:
We keep up-to-date confidential maps and impact assessments on:
We also carried out a Privacy Impact Assessment to make sure this process follows the regulations.
All Yorze Data is stored in the AWS cloud in the EU region. Yorze has no local servers to store data on.
Documents provided by the customers of Yorze clients are stored encrypted with AES-256 using keys supplied via the AWS Key Management Service (KMS).
Data is transmitted to the Yorze Service on AWS using secure HTTPS connections.
Yorze maintains separate AWS environments for development and for live customer data. These environments use separate AWS accounts to prevent unauthorized access to customer data.
All operations within the Yorze AWS environments are logged and monitored.
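As an added example, not Yorze's own code or configuration, the following Python audits an S3 bucket policy for the two controls described above: refusing non-HTTPS access and refusing uploads that are not encrypted with a KMS key. The bucket name, account id, role name and both policies are constructed for illustration.

```python
import json

# Constructed sample (not Yorze's real policy): denies plaintext (non-TLS) access
# and rejects uploads that do not request SSE-KMS encryption.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
]})

# Constructed weak policy: only grants access, so nothing forces TLS or KMS encryption.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app"},
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
]})

def _as_list(value):
    # IAM policy fields may be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def denies_plaintext_transport(policy: dict) -> bool:
    """True if a Deny statement covers all S3 actions whenever aws:SecureTransport is false."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or "s3:*" not in _as_list(stmt.get("Action", [])):
            continue
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() == "false":
            return True
    return False

def requires_kms_encryption(policy: dict) -> bool:
    """True if a Deny statement rejects PutObject unless the SSE header asks for aws:kms."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Deny" or not actions & {"s3:PutObject", "s3:*"}:
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if cond.get("s3:x-amz-server-side-encryption") == "aws:kms":
            return True
    return False

def audit_bucket_policy(policy_json: str) -> dict:
    """Report which of the two controls (TLS in transit, KMS at rest) the policy enforces."""
    policy = json.loads(policy_json)
    return {"tls_only": denies_plaintext_transport(policy), "kms_required": requires_kms_encryption(policy)}
```

Running audit_bucket_policy on HARDENED_POLICY reports both controls present, while WEAK_POLICY reports neither; a real audit would feed it the output of an S3 get-bucket-policy call.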
We have updated both our Terms of Service and our Privacy Policy. Through the Security Center, users can learn more about their GDPR rights regarding:
These rights also apply to the customers of our users.
This means that, upon request from their customers, our users (who are responsible for the processing of what they collect using Yorze) can provide access to, rectification, deletion, export and limitation of the data.
We also encourage you to update your Privacy Policy to tell your clients that you use Yorze to securely collect personal data about them.
Once that’s done, you’ll be able to add the URL of your Privacy Policy to the secure client portal so that your clients read it before uploading their documents.
If you’re using the Yorze service, you’re very likely running a business.
In this case, you’re using Yorze to request and collect documents and information which may contain personal data about the people or entities you do business with.
Under the GDPR, there must be a written contract when one business processes personal data on behalf of another business.
In other words, the law requires that we (Yorze) define this business relationship in a written agreement in order for your business to be compliant with the GDPR.