All your Data Protection Needs – Covered
The GDPR deadline is looming, but compliance need not be a daunting task. ZURI, the mobile, web-based care management solution developed by Care Software Solutions, has got all your GDPR compliance needs covered.
The EU General Data Protection Regulation becomes active on the 25th of May 2018, and contains requirements on how businesses process and protect personal information. In the health care industry, protecting sensitive information is nothing new, what is new is that GDPR requires that the organisation must be able to describe how keeping this sensitive information safe is intended before doing so and show how it will remain compliant through policies, procedures and guidelines. This is where Zuri comes in.
As the main holder of the data, your business will be considered as a 'processor' but as the data storage and data handling provider, Zuri® will be considered as the 'controller' and as such, Zuri assures it provides a system that is fully GDPR 2018 compliant and ready.
The key points in the GDPR 2018:
- 1) Individual Rights
- 2) Subject Access Request (SAR)
- 3) Data Breaches
Zuri® takes data protection very seriously and in this vein, this is how Zuri can help your business comply:
Under the new GDPR, the person you hold data for has the following rights:
- - The right to be informed
- - The right of access
- - The right to rectification
- - The right to erasure
- - The right to data portability
- - The right to object
Zuri® complies with all of the above by giving access to the record held as required, from anywhere at any time. This allows the indidivual to be informed on the data held about them as well as rectify them if necessary or object to some of the data being held.
Should an individual request that his data held in Zuri® be deleted, they can then make a request and this will be processed. Additionally, if an individual would like the data held to be handed over to be imported across to a different system, this can be provided in various different formats upon request.
Subject Access Request (SAR)
A SARs request that is made directly to Zuri® in writing, will be responded to within 40 days as per the GDPR requirements with no fee if the request is reasonable as per the regulations. Zuri protects the interests of its’ clients by requiring specifics of the data required upon application, all SARs will require identification of the data subject or third party as evidence that the request is compliant with the current regulations. Zuri will only supply data after all security conditions have been met so as to safeguard your business and your client’s sensitive data.
Zuri® has been designed from the ground-up to be ultra secure. Data is hosted on secure servers, databases are secured and most importantly, data records are encrypted. However, data breaches often happens at the front end of any system where users login and access data. To combat this, Zuri has password rules to make sure the passwords used by users are sufficiently secure, two-factor authentication to prevent someone else from accessing a user’s profile with their password, the option to change the password on regular basis, and fingerprint authentication on smartphones and tablets to ensure only your approved users are accessing their profiles.