Aktion prepares to comply with GDPR

Information for Aktion.NEXT and CLOUD users

In connection with the validity of the new EUROPEAN PARLIAMENT AND COUNCIL REGULATION (EU) 2016/679 (GDPR), which is valid from 25.5.2018, we are preparing the addition of new functions in the access and attendance SW Aktion. These will include an extension of the current options at the agendas of people, visitors, events, attendance and related agendas in the range of:

• deleting people from DB after a defined time
• delete records history from DB after a defined time
• pseudonymization of DB records for the purposes of long-term data retention or data transfers without the need for the approval of entities
• adding some user rights to work with selected data areas
• additional, service and DB functions

EFG CZ Co. Ltd. is the Personal Data Processor in the sense of processing the stored data for individual attendance and access managers using Aktion CLOUD. In order to comply with the terms of the GDPR, EFG CZ Co. Ltd. implements the above new modifications to the CLOUD solution. As a data processor, they will provide data managers with the necessary additional tools to manage them. It further guarantees that the data stored in these systems is managed exclusively within EU member states and using technology tools in line with the GDPR. Aktion CLOUD is run on the Microsoft Azure platform.https://www.microsoft.com/en-us/TrustCenter/CloudServices/Azure/GDPR

GDPR support will be implemented from version SW 3.1 and will be available from the end of the first quarter of 2018. Information for users of older systems Aktion COMPLETE

Older products, Aktion COMPLETE, Aktion.ONE, Aktion.PRESENT and Aktion WEB, cannot be implemented for technical reasons. The SW will therefore not allow:

• saving detailed logging of personal data (history of changes)
• setting detailed user rights over processing/tracking of individual items of personal data
• creating outputs/logs for records of processing operations
• separating database and application level from a secure data access point of view (dual-layer architecture only)
• Enhanced functionality and system editing

Therefore, we recommend that users take the necessary organizational measures that, for the purposes of the new regulation, will limit activity over user-level entity data. In particular, keeping records of change logs, ie the processing of personal data. 

We also recommend that you plan to migrate the SW to the new Aktion.NEXT platform, which has already been deployed, and will continue to be supported and developed.

Using BIOMETRIC sensors

From the point of view of using biometric devices (sensors) in attendance systems, the GDPR regulation does not change. The Aktion Biometric attendance and access system do not store fingerprints, scans, or other employee identification data in a form that allows them to further process this information. The system works on the principle of converting biometric data into numerical expressions, the so-called numerical template, directly in the sensor, which does not allow for retrofit to be biometric.  Templates are not readable in the system. Therefore, the system can not be considered as a system for processing sensitive biometric data within the meaning of Article 9, Chapter 1. This principle complies with the current data protection rules in the form of Directive 95/46 / EC and related Law 101/2000 Coll. personal data.

EFG CZ Co. Ltd. reserves the right to change or modify this information in connection with the implementation of the Regulation into practice. We will inform you of any changes or further steps. Please direct your questions to the Department of Technical Support:helpdesk@aktion.cz

Day 13th February 2018

EFG CZ Co. Ltd.
Tel. support CZ: +420 222 746 303
Portal for technical support: www.ecare.cz
http://www.efg.cz
http://www.aktion.cz
http://www.dochazkaonline.cz
http://www.dochazka-skolky.cz