Embedded privacy in Simployer

The controller

The data controller (customer) is required to comply with the requirements for embedded privacy when acquiring solutions (or developing themselves) according to GDPR. A prerequisite for this is that the customer does a risk assessment of what personal data are to be processed in the system.

Simployer as a system vendor and data processor

Simployer enables customers to make their risk-assessments by being open with what data that can be registered in the system and how the data is processed. We document the activities we do as a data processor and we document the activities the system facilitates for the customer.

Simployer embeds privacy in all modules, so that the rights of the registered are safeguarded. The following principles form the basis of all our solutions:

1. There is a clear purpose for all data entry in the modules. The purpose is documented in the form of activities.
2. Simployer does not allow the registration of personal data which will obviously violate new regulations but it is the customer who is responsible for what is actually registered in the system. Documentation of system data entities is kept up-to-date.
3. The role-model that controls data restrictions and transparency is set to the most privacy-friendly level by default.
4. Privacy is a factor in all phases of our system development, from idea to finished end-product.
5. The competence of our employees around privacy is systematically maintained.