Privacy Statement and Data Protection Officer

We strongly recommend that you publish a privacy statement on your web page and nominate a person or persons to be Data Protection Officers in your organization.

Privacy Statement

For communicating your security policy both to your customers and your employees, and other people involved, make sure that you have the privacy statement defined, and that it can be accessed by all concerned. Consider defining the following items in your policy:
  • What kind of data is saved in the system?
  • What is the retention time of the data saved in your system?
  • How is this data protected?
  • Who is your Data Protection Officer to be contacted if any interest to data protection questions arise?
  • How can the people interested in their personal data saved in the system request information about it?

Data Protection Officer (DPO)

Each organization should have a person or persons named to be Data Protection Officer (DPO). The tasks of a DPO include but are not limited to:

  • DPO makes sure that should there be any changes in the privacy statement, the customers are informed about it in an appropriate way.

  • DPO is a contact person for the customers that request information about the personal data saved about them in the system, and deletion of that data when requested.
  • Only DPO can collect a person's personal data, or delete it, on request.
DPO rights are not included in any default role but user administrators can grant DPO rights in the System Configurator User and Role Management > Users > User Rights > User Service > Data Protection Officer (DPO) . This right enables a user to search and delete personal data with the Generate Personal Data Report tool, see Generating Personal Data Report.