
Handling of deviations and incidents

Rules for reporting

GDPR defines responsibilities for reporting privacy breaches and events.

  • Data Processors (Simployer) shall, without undue delay, notify the controller (the customer) in case of a violation of personal data protection.
  • The controller has a 72-hour period from the notice of a deviation to report to the Data Inspectorate. Deviation handling shall be documented, and there are requirements for what a non-conformance report to the Data Inspectorate shall contain.
  • The registered persons (those who are affected) may also require notification (in understandable language), depending on the risk the breach represents for their freedoms and rights.

How to report deviations to Simployer?

Simployer's customer center is staffed on all working days between 08:00 and 16:00 (08:00 to 15:30 in the period 1/6 to 1/8). The customer shall, in accordance with the current DPA, report any breach of security in the applications as soon as it is known to the customer. Notification should preferably be sent to the customer center in writing through Support:

Support Center Norway
Support Center Sweden

The customer is responsible for reporting any necessary deviations to the Data Inspectorate according to applicable deadlines, as well as notifying any affected persons.

Simployer's handling of deviations

Simployer shall provide satisfactory information security with regard to:

  • confidentiality, i.e. the information is not available to persons who do not have legal access to the information,
  • integrity, i.e. the information is not changed in an unauthorized or unintentional way,
  • availability, i.e. the information is available and operative for legitimate and authorized use.

Simployer has a quality system to prevent vulnerabilities, and a separate deviation management system to handle reported deviations. The quality system is revised regularly and has defined procedures for how Simployer will respond to deviations of different criticalities.

Notification of the customer

If Simployer uncovers a breach of personal information security, Simployer is obliged, without undue delay, to notify the customer of the deviation according to agreed-upon routines. The customer must comply with its own notification obligations.

System Status

Simployer operates a service that shows the status of all systems at any given time. Users can subscribe to notifications in different channels from the status service.