eNoteFile provides software globally, including to European Union (EU) organisations and residents. The EU has a specific set of regulations regarding protecting the data of its citizens called the General Data Protection Regulation or ‘GDPR’. While eNoteFile has always maintained high level data protection in accordance with the Australian Privacy Act, we have further addressed our specific GDPR compliance. The GDPR’s requirements apply to EU residents’ personal data and anyone involved with eNoteFile who processes that information. The GDPR has key principles and data subject rights which are addressed in our Data Processing Addendum (download), and it outlines eNoteFile’s commitment to meeting and being accountable to these.
This information helps demonstrate our organisation’s priority regarding data protection, privacy and security compliance and forms part of our wider commitment to accountability. It helps simplify complex obligations we have to regulations and protocols, and provides the basis for our staff training and specific compliance practices.
- Created an internal Data Protection Policy, principally through our Data Processing Addendum (DPA) – download.
- Appointed a Data Protection Officer (DPO) – for more information please email [email protected].
- Appointed an EU Representative – for more information please see our DPA.
- Educate all staff regarding GDPR.
- Ensure our Head of Software and Data Protection Officer (DPO) have regular meetings to update policies and staff.
- Include privacy by design principles in all development.
- Mask, de-identify and collect minimal data.
- Use individual logins and passwords to access sensitive data.
- Ensure all suppliers have appropriate safeguards if they’re processing data we pass on.
- Make sure staff only access private data when necessary and with consent.
- Use templates for internal risk analysis.