The EU’s General Data Protection Regulation (GDPR) is around the corner and has implications for almost all organizations in the area. Extenda has conducted a thorough investigation, and the result was that while our products aren’t in the centre of attention, there are touch points. What mainly brings POS software into scope is the wider definition of what is to be considered personal data.
Personal data means data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.
This means that, for example, a loyalty number is to be considered personal data, since a retailer can be assumed to have access to the identity behind the number. Loyalty numbers and similar referenceable identifiers occur on receipts, which in turn show the purchase behaviour of individuals.
GDPR means individuals (data subjects) get a number of rights. We have identified the following as having direct implications for our products: Right to basic information, Right of access, Right to erasure and the Right of rectification. However, the extent of the GDPR implications ultimately depends on how the products are configured and integrated in our customers’ environments.
To ensure smooth GDPR readiness, we have released new versions of our software with functionality and design to support, for example, logging of activities that involve personal data. Additionally, Extenda has trained consultants and developed a template-based pre-study that is designed to quickly and accurately pinpoint any parts of our customers’ applications that need revision.
Please contact your client executive if you want a more comprehensive presentation of our findings and solutions in this area.