GDPR & Zahara
GDPR is all about consumers and consent. You can take it as read that Zahara is as secure a system as it can be. We are on Microsoft Azure and we have encrypted databases at rest and encrypted bank details and passwords etc. There is more we can do in the future to secure access like Two Factor Authentication but generally it’s a good robust system.
In terms of consent there are two areas that we should consider. Users and Suppliers. Remembering GDPR is all about consumers and not so much business customers, what personal data do we hold? In terms of users, their first name, last name and email address. If one of your employees complains about this, they may wish to reconsider working in the real world because this is a requirement of any system. We need to know who is logging in at least.
Suppliers are a bit different. We hold their name and address and email but this is all information that’s on their website. I cannot see any of your suppliers querying why you hold their data. They certainly shouldn’t raise objections to you sending them a PO by email. The only area that I see could be an issue where we could be deemed to be holding personal information is sub-contractors. In this instance Zahara would hold their address as well as their phone number and bank details. If you have any subcontractors, you may wish to gain consent to store their information on any system as well as Zahara.
The thing with GDPR is that it’s about not storing personal information unnecessarily like their sexual orientation, religion and political beliefs. Zahara is just a platform to manage one process in a business. We couldn’t care less about this information and would never have fields to store anything remotely personal. A consumer can ask to have their personal information removed from all copies, but again we aren’t Experian or Facebook.
