This page contains the latest information related to KORE Software and the EU General Data Protection Regulation. The new regulations affect businesses of all sizes and KORE is committed to ensuring our customers have the right information and tools to protect their customers' data.
The EU's General Data Protection Regulation is a replacement for the 1995 Data Protection Directive and applies to all EU citizens. It is focused on
Right to be Forgotten and Right to Data Portability allow data subjects to:
The GDPR builds on previously existing data access rights. Data subjects are still able to request access to their data; however, organizations now cannot charge for processing an access request unless it is required or excessive cost can be demonstrated. Access requests must now be processed within 30 days and can only be refused if the organization has clear refusal policies and can demonstrate why the request meets those policies.
While consent of data subjects is already required, the GDPR increases the standards for disclosure when obtaining consent to process or store personal information. The GDPR states that controllers must use "clear and plain" legal language that is "clearly distinguishable from other matters". It also states that any consent must be "freely given, specific, informed and unambiguous". This closes the door for "opt-out" systems or inferred consent. KORE's products are not end-user facing and do not allow users to input their information directly. However, as a controller, you will need to put processes in place to prevent unauthorized data from being entered into your KORE system. Under the GDPR, it is essential to make it clear to your users that they are opting in to sharing their data.
The GDPR expands the scope of the 1995 EU Data Protection Directive significantly. Under the GDPR, non-EU businesses that store EU data subject records are included in all requirements and restrictions. This removes any previously existing geographical limitations of scope.
The penalties outlined in the GDPR are dependent on the type of violation in question and can apply to both controllers and processors who mishandle personal data or violate the rights of data subjects. The fines can be the greater of up to 20 million Euros or 4% of the organization's global annual revenue.
As a customer using KORE's Software-as-a-Service products, it is likely that you have data that will fall under the GDPR. KORE is able to offer assistance in understanding the data you have stored, but it is essential that you do an evaluation of any personally identifiable information in your system. As May 25th, 2018 approaches, KORE Software is actively working on our GDPR compliance efforts. We are closely monitoring legal discussions, new requirements and new restrictions and will develop the necessary systems to handle personal data in a compliant way. This page will be updated as KORE's program and GDPR requirements come into effect.
CRM systems, including Microsoft Dynamics, Salesforce or SAP Cloud for Customer, are not part of KORE's product lines. However, KORE ProSports does synchronize data with CRM systems and data that is removed from CRM systems will be removed from KORE ProSports. It is recommended that you review your CRM agreements for GDPR compliance:
KORE enables and manages many integrations with 3rd party data sources. Most of these involve importing data into KORE's systems. While KORE can assist Controllers with understanding the data in their KORE system, KORE cannot control the data in 3rd party systems. In order to prevent specific user data from existing in your KORE system, you will need to both remove the data from KORE and from the source system to prevent it being re-imported by an integration.
For KORE DWA customers, it is essential to understand the various data sources that are aggregated into your data warehouse and which source contains personal data. KORE will work with you to handle any data requests but cannot control the data in 3rd party systems.
Disclaimer: This website provides information about GDPR but is not legal advice for your company to use in complying with EU data privacy laws. This is background information on how KORE is addressing some privacy concerns brought up by GDPR. For official legal advice, KORE Software recommends you consult a data privacy attorney.