The GDPR (General Data Protection Regulation) is an EU Regulation that replaced the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organizations that collect or process personal data. It came into force on May 25, 2018. The regulation builds on many of the 1995 Directive's requirements for data privacy and security but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.
Barium has always made information security and customer privacy a top priority, and our conformance to the ISO 27001 certification since 2013 left us well prepared for the GDPR. We have incorporated the GDPR into our ISO 27001 routine to ensure compliance and continuous improvement (and of course we use our Barium platform, which is ideally suited to give an organization the tools, processes, and applications to become GDPR compliant). Read more about our capabilities here.
We also want to help you meet your obligations under the GDPR regulation to the extent that you use Barium to collect and store personal data. Therefore we have ensured that both we and our product are compliant with the GDPR.
Barium delivers a robust and multifaceted platform that enables customers to create applications for several use cases and to process different kinds of information. It is therefore vital that you decide, in relation to your internal policies, what types of information you allow to be stored and processed in the Barium platform (Barium Live).
Where does Barium store its data?
Barium stores all of its data at professional hosting sites within Sweden.
What personal data is stored by Barium?
By default, we only store name and email for our registered users and customers. However, many Barium applications can be used to process personal data. For this, a client-specific routine needs to be set up with help and guidance from us.
What legal right does Barium have to collect and process personal data?
Barium needs to collect and process name and email to deliver the service. Processing is necessary for the performance of the contract to which the data subject is a party. This is why Barium does not base its processing on consent. However, our clients can (if they want) base their collection and processing of personal data in the platform on consent. Our platform is well suited for this.
How long does Barium keep personal data about our clients?
We keep personal data about our clients as long as we have an active business relationship regulated in an agreement, or as long as we intend to create a business relationship that is regulated in an agreement.
How long does Barium process personal data that our clients decide to store in our platform?
Customers can build almost any application within the Barium platform. They can fill these applications with any type of data. Our clients are in total control of their own data, including how long to store and process the data in our platform. At present, data needs to be deleted manually or by using our automatic functions. This needs to be set up together with a Barium consultant and tailored to your specific needs.
Also, note that all data is retained in our backups for an additional 30 days after deletion before it is deleted beyond restoration. This is worth taking into consideration when communicating with registered individuals before they consent to any processing.
Does the Barium Licence Agreement comply with GDPR regulations?
It is very well aligned. You can read all about our Terms & Conditions here.
Where can I find more information?
We have a comprehensive white paper on our GDPR efforts. Just get in touch with us, and we can send it over.