Intsys is a Business Software partner focussed on providing & supporting ERP and Cloud Solutions
GDPR
General Data Protection Regulation
Are you compliant?
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is the European Union’s new legislation to strengthen and unify data protection for EU citizens. It will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
WHY IS THIS SO IMPORTANT?
The current Data Protection Directive (PDP) was enacted in 1995. Since then, both the complexity of the regulations and the public awareness have been growing hand in hand with the thriving technological progress. With many businesses operating across borders, international consistency around data protection laws and rights is crucial both to businesses and individuals.
WHAT IF YOU DON'T COMPLY?
If you fail to comply with the Regulation you could find yourself being fined up to €20 million or 4% of your company’s global annual turnover, whichever figure is larger, and your reputation could be seriously damaged.
Who does the GDPR apply to?
The GDPR applies to any organisation that operates within the EU or with EU data. Organisations can be considered ‘controllers’ and/or ‘processors’.
The definitions are broadly the same as under the DPA. Controllers say how and why personal data is processed, and processors act on the controller’s behalf.
What information does the GDPR apply to?
The GDPR applies to ‘personal data’. However, the definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.
What is new?
The most significant addition is the accountability principle. The GDPR requires you to show how you comply with the principles – for example by documenting the decisions you take about a processing activity.
You are expected to put into place comprehensive but proportionate governance measures. Good practice tools such as privacy impact assessments and privacy by design are now legally required in certain circumstances.
The Basics
Data Processor
You are a Data Processor if you decide:
- What IT systems to use to collect personal data
- How to store the personal data
- The detail of the security surrounding the personal data
- The means used to transfer the personal data
- The means used to retrieve personal data about certain individuals
- The method for ensuring a retention schedule is adhered to
- The means used to delete or dispose of the data
Data Controller
You are a Data Controller if you:
- Collect the personal data in the first place
- Decide the legal basis for doing so
- Decide which items of personal data to collect
- Decide the purpose or purposes the data are to be used for
- Decide which individuals to collect data about
- Decide whether to disclose the data and, if so, to whom
- Decide whether subject access and other individuals’ rights apply
- Decide how long to retain the data or whether to make non-routine amendments to the data
Are you Processor, Controller or both?
Identify your responsibilities
Processor Responsibilities
[Holding data on your own servers]
As a Data Processor, you will have to safeguard data and ensure data resilience to a high standard. You will have significantly more legal liability than controllers if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
Security considerations:
Physical security of data:
The building where the servers are housed must be adequately secured against fire, flood and theft.
At least one other secure building should be used for data storage and business continuity.
Backups:
Backups are the backbone of restoration and continuity. In the unlikely event of a successful hacking or ransomware attempt, affected servers are less of a problem if a backup can be restored.
Cyber resilience:
You must have a cyber resilience strategy in place to reduce the risk of data breaches. It should include enterprise-grade tools such as robust firewalls, anti-malware/virus tools, and monitoring against hacking and against staff visiting suspicious phishing websites.
Controller Responsibilities
[Entering and maintaining personal data]
As a Data Controller, you will have to comply with rules concerning consent, access, rectification and portability of data.
Consent
Consent under the GDPR must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. There must be some form of clear affirmative action – or in other words, a positive opt-in – consent cannot be inferred from silence, pre-ticked boxes or inactivity. Consent must also be separate from other terms and conditions, and you will need to provide simple ways for people to withdraw consent. Consent has to be verifiable, and individuals generally have more rights where you rely on consent to process their data.
Remember that you can rely on other lawful bases apart from consent – for example, where processing is necessary for the purposes of your organisation’s or a third party’s legitimate interests.
Access
The GDPR sets out the information that you should supply and when individuals should be informed. The information you supply is determined by whether or not you obtained the personal data directly from individuals.
The GDPR clarifies that the reason for allowing individuals to access their personal data is so that they are aware of and can verify the lawfulness of the processing.
Rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If you have disclosed the personal data in question to third parties, you must inform them of the rectification where possible. You must also inform the individuals about the third parties to whom the data has been disclosed where appropriate. The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
Other responsibilities
Keep a record of data operations and activities
Carry out a data Privacy Impact Assessment (PIA) for systems and projects
Consider if you will be required to designate a Data Protection Officer (DPO)
Notify the supervisory authority of a Data Breach
Review data processing processes
Implement “privacy by design” and “privacy by default”
*Extended information is available in our Support Portal.