The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data. It will come into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.
As we approach the GDPR launch in May 2018, Barium is focused on regulatory compliance efforts. During this implementation period for the regulation, we are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with applicable law by the 2018 deadline. You’ll receive notifications of new functionality and changes to our terms and conditions in the usual way.
Barium has always made information security and customer privacy a top priority, and our conformance to the ISO 27001 certification since 2013 has made us well prepared for the GDPR. We will incorporate the GDPR in our ISO 27001 routine to ensure compliance and continuous improvements (and of course we will use our own Barium platform, which is perfectly suited to give an organization the tools, processes and applications it needs to become GDPR compliant). Read more about our capabilities here.
Our R&D and security teams are currently working hard, enabling the necessary changes to the Barium Live service to ensure we’re compliant by the May 2018 deadline. We also want to help you meet your obligations under the GDPR regulation to the extent that you use Barium to collect and store personal data. We will be providing updates between now and the May 2018 deadline, setting out the steps we will be taking to ensure that both we and our product are compliant with the GDPR in advance of the deadline.
Barium delivers a powerful and multifaceted platform, enabling customers to create applications for several use cases and to process different kinds of information. It will therefore be important for you to decide, in relation to your internal policies, what kind of information you allow to be stored and processed in the Barium platform (Barium Live).
Where does Barium store its data?
Barium stores all of its data at professional hosting sites within Sweden.
What personal data is stored by Barium?
By default, we only store name and email for our registered users and customers. However, many Barium applications can be used to process personal data. For this, a client-specific routine needs to be set up with help and guidance from us.
What legal right does Barium have to collect and process personal data?
Barium needs to collect and process name and email in order to deliver the service. Processing is necessary for the performance of the contract to which the data subject is party. This is why Barium does not base its processing on consent. Our clients can, however, base their own collection and processing of personal data in the platform on consent if they want to. Our platform is well suited for this.
How long does Barium keep personal data about its clients?
We keep personal data about our clients as long as we have an active business relation regulated in an agreement, or as long as we intend to create a business relation that is regulated in an agreement.
How long does Barium process personal data that our clients decide to store in our platform?
Customers can build almost any application within the Barium platform. They can fill these applications with any type of data. Our clients are in total control of their own data, including how long to store and process the data in our platform. For now, data needs to be deleted manually or by using our automatic functions. These will need to be set up together with a Barium consultant and designed to your specific needs.
Also note that all data will be stored for an extra 30 days after deletion in our backups before it is deleted beyond restoration. This is worth taking into consideration when communicating with registered individuals before they consent to any processing.
Does the Barium Licence Agreement comply with GDPR regulations?
It is very well aligned; however, we will investigate whether we need to add an extra appendix to the master agreement.
Where can I find more information?
We do have a comprehensive white paper on our GDPR efforts. Simply get in touch with us, and we can send it over.