Sent Jan 25, 2018

GDPR updates to Centra

The new EU regulation for protection of personal data, the General Data Protection Regulation (GDPR), is coming into effect later this year. The Centra platform is of course in scope of the regulation, and will receive some updates to reflect that.

Centra is developed with data security as the main focus

One requirement of GDPR is that software should be designed for privacy, to protect the data it holds. Thankfully, Centra is already built with data security as a top requirement.

_“Data in Centra is secured by a series of safeguards and monitoring systems”, explains Frans Rosén, Chief Technology Officer at Centra. “We detect for hacking attempts on Centra every week. Over the years, there have been two attempts getting past the first line of defense. We patched the flaw in less than an hour the first time and under 8 minutes the second time. No data was leaked.”_

Frans Rosén (right), Centra CTO, here advising Lt. Stephen Baker (left) of the US Air Force 352nd Cyber Operations Squadron on data security.

New privacy functions will be added in Centra this Spring

The Centra platform already meets most GDPR requirements, but we will be adding a few additional features during the spring, to ensure compliance with all aspects of the new regulation. Key new functions you can expect include:

  1. Delete all personally identifiable information of a customer upon request, while still keeping orders in the system for accounting purposes
  2. Batch delete personally identifiable information for all customers who have been inactive for a certain time (e.g. a few years)
  3. Export of all personal data of a customer (to provide to a customer upon request)

Terms and Conditions of Centra will change

Centra’s Terms and Conditions will also be updated during the spring, to reflect the fact that Centra acts as a processor of personal data that you are controlling. The updated terms and conditions will specify the extent and limits of such processing, in line with the new regulation.

Additional actions may be required

Through plug-ins and integrations with other systems, personal data can be transferred automatically from Centra to other software. This includes, for example, automatic transfer of customer and order data to ERP, accounting or warehouse management systems, and export of customers’ e-mail addresses to batch e-mail tools such as MailChimp or RuleMailer.

If your Centra is set up to export personal data to other software, you will need to ensure that the other system is handling data in a GDPR-compliant way (or terminate the export of data). You also need to ensure that the persons whose data you are transferring have given their explicit consent to that. If you are unsure whether any data is exported from your Centra automatically, don’t hesitate to contact support for instructions on how to find out.

Updates to Centra will go live during the Spring

The changes to Centra related to GDPR will be included in Centra’s normal release schedule, with a new version roughly every 2 weeks (just remember to refresh your web browser to load the latest version of Centra). When new functionality is live, we will notify you through our newsletter as usual. If you have any questions before that, please let us know!

Disclaimer: This is in no way offering you legal advice in relation to how you and your company are supposed to handle the GDPR regulations; it only explains what Centra is doing so that our company adheres to the regulations of the GDPR. If you are unsure what you and your company need to do, we suggest that you seek legal counsel.