Changes in Infobric Ease to meet the new standards of GDPR

Over the course of 2018 Infobric has communicated how we are preparing to meet the demands of GDPR, the new data protection regulation that will be introduced throughout the European Union the 25th of May 2018. Here we would like to inform you as a system administrator at a company designated as the data controller about the changes in Infobric Ease that makes it possible to process personal data according to the new regulations, and what settings we recommend you look at.

Why are you getting this information?

The companies using Infobric Ease are responsible for the personal data that is processed within the system.

If you are a system administrator at a company designated as the data controller you need to know the basic settings concerning personal data processing on your system client and associated sites.

We develop Ease to excel when it comes to personal data processing

To allow our customers to work according to the new regulations regarding personal data, and make sure you can accommodate the requests from your employees, we are making some updates to Infobric Ease and associated services. This has been a work in progress since 2016, and our systems and routines has been thoroughly reviewed and updated to make sure they accommodate the regulations in full.

This is some of the things we are working on:

  • Adjusting Infobric Ease and associated services in accordance with the new regulations.
    With functionality for storing and deleting personal data and specifying data controller.
  • Developing processes and system support to facilitate the process of the personal data controller to accommodate the employees’ rights and make sure these rights are protected.
    With the new GDPR portal requests regarding access, deletion, correction etc. can easily be handled.
  • Making sure that Infobric safety level is adequate, both from technical and organizational viewpoint.
    With new roles and permissions to further limit access to personal data in Infobric Ease.

Changes and new functionality

Below we will shortly describe the changes and new functionality in Infobric Ease and what actions you need to take. For more information and instructions, please visit our website here.

New settings for data controller on sites

Each site in Infobric Ease need to have a specified data controller. The personal data responsibility applies to the data that processed in connection to the site in Infobric Ease.

We have added a new function for the system administrator to specify who should be the responsible data controller for the system client. As default joint data controllers for the personal data applies, and the system administrator should then specify which companies should be selectable as data controllers. You could also choose single data controller and specify which company should be responsible for all sites on the system client.

 

New settings for using and storing personal data

According to the principles of personal data control, no more data than necessary should be collected and stored, and it should not be used for any other purpose than for what is was collected.

We have med it possible for you limit what kind of data is processed, how it is stored and after how long it should be deleted. The system administrator determines these settings on the system client in Infobric Ease by activating and de-activating different personal data categories, and setting the time period for how long they should be stored before deletion.

Change: New permissions/roles

According to the principles of personal data control, and GDPR, the aim is to limit the access to personal data as much as possible. To minimize this access, we are implementing two new roles on the system client and updating the permissions for the existing role Configurator.

  • User administrator, new administrator role with permissions to manage system users and permissions on the system client.
  • Report administrator, new administrator role with permissions to manage access to reports on the system client.
  • Configurator, we are changing the existing role so that it no longer has access to personal data.

These new roles can be assigned to users from the 25th of May and forward, and the permissions for the Configurator will be implemented then as well.

New settings for the Ease CheckIn app

This setting enables you to turn the presence synchronization on or off for the Ease CheckIn app. If it is turned off the user won’t be able to see registrations done with the card on the regbox. User will only be able to see the latest registration (checked-in/checked-out) done with the app.

GDPR portal for processing requests regarding personal data

All persons registered in Infobric Ease have the right to protected personal data, according to the new regulations. As an employee you have the right to request information about how the personal data is processed, what information is registered and have control to adjust, correct, block and move this information if needed.

Through our GDPR- portal we will give the companies responsible for the data control the possibility to manage all request regarding personal data in Infobric Ease. To gain access to the portal, those of you who are appointed to be responsible for the personal data need to contact support@infobric.co.uk.

Hints and recommended actions for you as a system administrator in Infobric Ease

Personal data controller

  • Make sure that the appointed person in your company is registered at Infobric. This person will be responsible for handling all requests to Infobric. Registration occurs in connection with the general contact signing procedure. If you haven’t submitted this information you can do this by sending a request to support@infobric.co.uk

Basic settings

  • Make sure each site has a specified data controller on a system client level. Follow up with affected site administrators for system clients with joint controllers to make sure they have made their selection.
  • Make sure settings for usage and storing of data is updated according to your preferences. Pay extra attention to the time period selected for each category. If you leave this blank, no data will be deleted.

Policys, routines etc.

  • Make sure your policies and internal routines are updated as to which persons are assigned administrator permissions on your system client. Review and update this information continuously and delete persons when they quit or otherwise need changed permissions and/or roles.
  • Be aware if you hire a personal data processor, for instance a machine rental partner, to manage Infobric Ease as a site or system administrator, you need a written data processor agreement in place. And only a responsible user can apply for new system users to be added by Infobric. We will inform our rental partners about these new rules and what it means from their point of view from the 25th of May and forward.

Do you have any questions?

Both the data controller and the personal data assistant has a big responsibility to do the necessary changes and updates according to GDPR. We recommend you reading up on what the GDPR actually entails at the Information Commissioner’s Office’s website Here you will also find hints and advise about what you can do to secure that your company complies to the new regulations.

You can rest assured that Infobric will help you with any information your may need to use Infobric Ease in a safe and regulation compliant way. We will help you sort out any possible issues or questions. Please contact us by +4420 3540 0193 or support@infobric.co.uk

Infobric systems are currently used on over 10 000 construction sites

Contact us

Are you wondering what's the best solution for you? How you can save money in your construction projects and at the same time increase security? We can help you with your questions.

St James House, 13 Kensington Square, London W8 5HD