Our responsibility as data processer
As a data processor, we need to live up to a number of responsibilities. Read here and learn more about TimeLog’s role in The EU General Data Protection Regulation.
Our responsibilities are e.g.:
- We need to help you comply with your responsibilities
- We need to inform you if we assess an instruction as being illegal
- We need to perform back-ups so you do not lose your data
- We need to handle personal data based on your instructions
- We need to make sure that your data is safely stored
- We need to train our employees in handling personal data correctly according to the regulation
- We need to work out a data processing agreement
We have published our data processing agreement on our website which you can find a copy of here. The TimeLog responsible will always be able to access it directly in TimeLog.
We do not enter into specific contracts with our customers, instead, we work out one data processing agreement for all our customers.
Below we list the most important demands for the content of a data processing agreement, so you are informed about what you need to be aware of.
A data processing agreement requires among others:
- Framework for processing personal information
- Documented instruction
- Confidentiality and duty of secrecy
- Security of processing
- Sub data processors
- Cooperation with the data responsible company
- Deletion or return of personal data information
- Notification about illegal instructions
The above-mentioned bullets must be part of a data processing agreement. If just one of the demands is not part of the agreement, the agreement is considered invalid. The agreement must be in writing and electronically.
You can read more about TimeLog responsibilities related to GDPR in our FAQ with our customers’ typical questions related to GDPR and about your responsibility as a data controller.