The big question most businesses ask themselves is this: How do I become GDPR compliant? Since this is such a massive and widespread theme, I will try to narrow it down to touch briefly upon what GDPR means for Azets and our customers. But let me start off with some of the basics.
The new EU regulation on privacy and data protection – also known as The General Data Protection Regulation (GDPR) – entered into force May 25th, 2018. In simpler terms, GDPR is a set of new rules for privacy. The aim of the regulation is that individuals can trust that their data is being processed securely, lawfully and fairly. The current European Data Protection directive dates back to 1995. Since then, the methods of collecting, using and storing personal data have changed. Rapid technological developments has created business opportunities around personal data utilization. The GDPR will update the legislation to reflect personal data processing in the digital age.
The issues around personal data and data protection are enormous and grow in scale day by day.
It could be compared to the rapid developments of the digital community. The common denominator is the daily experience of just how fast these issues develop. This is also one of the key reasons why we are getting these new regulations. The storing, sharing and utilization of personal information is exploding.
Azets is the leading supplier of services and technology within accounting, payroll, HR, staffing and advisory in the Nordics – strongly supported by a leading edge within the investments in and developments of new technology. We store and process significant amounts of personal data in our systems, on behalf of more than 20,000 customers in the Nordic region.
That is exactly why we take GDPR very seriously. As a company, we aim to be transparent and support our customers as best we can in their efforts to become fully GDPR compliant.
We primarily deal with GDPR in two main areas
The first one concerns whether your company is “GDPR compliant” – that is, an analysis of what personal data your company holds and whether it is processed in compliance with GDPR. We go about this with our extensive knowledge of technology and in co-operation with specialized law firms in the Nordics. In Norway, for example, we cooperate with law firm Magnus Legal.
Combining the understanding of technology and legal is crucial, since they affect each other greatly.
In fact, need for new laws and regulations on processing personal data was needed because technological developments made it possible to utilize personal data in a wider scale than before.
The second area applies to the data we process on behalf of our customers. Or, put in another way; the data you hand over to us as your supplier and trusted partner. If you do use Azets’ services and technology, you can trust that this data is processed in a GDPR compliant way.
CoZone – the GDPR compliant customer portal
In order to be really serious about this, we have made sure that CoZone is GDPR compliant if used in the correct way. This is our user-friendly, cloud based customer portal.
CoZone is an extensive portal for payroll and accounting services. It is cloud based, so the tasks and data you need is available wherever you are, whichever platform you are working on. Whether you are at home, traveling or at work. Whether you are sitting with your mobile or PC. The customer portal covers many processes in your business and we continuously add new functionality to match our customers’ needs.
These are some of the key features of the portal:
- Document and invoice workflow
- Accounting and financial reports
- Billing process
- Other more specific modules adapted to different industries and businesses.
What makes the portal so strong, is the fact that the systems are integrated with each other, so that data can flow freely – if necessary. Visit the CoZone web site to learn more.
What does it mean that CoZone is GDPR compliant?
- Stores data servers we control and we have documentation on where data is stored.
- There is strict access control in CoZone. A person only has access to the areas to which he she has access. This may be one of the most important things within GDPR.
- Solid overview on which data is stored in CoZone and a structure that makes it possible to save other relevant information.
- Data is stored in accordance with the accounting legislation of the various Nordic countries.
- Communication between Azets and our customer on personal and sensitive data is done through CoZone and not with personal company emails. This makes it GDPR compliant, but it also makes sure that all communication is stored outside a mail thread. So if someone changes a job, the communication is still there, safely stored and GDPR compliant.
- Security at login where it is possible for 2FA (both password and generated PIN via mobile).
In this article I have focused on the relationship between Azets and its customers, and how we deal with GDPR. Many of the subjects that we discuss here can affect our customers in different ways, depending on their type of business and industry.
Want to learn more?
I recommend this blog post: 9 myths and misconceptions of GDPR.
Looking to accelerate your business beyond the Nordics? Simply jump directly to azets.com.