Cybersecurity

How does Kongsberg Digital help customers comply with the GDPR?

04 July 2018 by Kurt Swakhoven
On May 25, the General Data Protection Regulation (GDPR) came into effect. What measures have we at Kongsberg Digital taken to help our customers achieve GDPR compliance?

The General Data Protection Regulation (GDPR) is already in force within the EU, and within the next couple of months, it will be applied to the entire European Economic Area (EEA), that is, the EU member states in addition to Iceland, Liechtenstein, and Norway.

In this blog post, I share what we at Kongsberg Digital are doing to help our customers meet the GDPR requirements.

What is the GDPR?

The GDPR is a regulation aimed at protecting the data privacy of all EU residents. It requires organizations offering goods and services to EU residents to reshape their approach to data privacy. As an EU resident, under the GDPR, you have the right to know if an organization is processing your personal data and what the purpose of such processing is.

Visit the EU GDPR portal if you want to know more about the GDPR.

How do we help our customers comply with the GDPR?

The GDPR strengthens all EU residents’ rights concerning their personal data. Since we store the personal data of clients of our customers, Kongsberg Digital is a data processor under these regulations.

We are acutely aware of our responsibility, and we do everything within our power to ensure that the personal data of both customers and individuals in our systems is protected. In this work, we build on the long tradition of delivering secure and reliable solutions within the KONGSBERG corporate group.

Measures we have taken to help our customers achieve GDPR compliance:

Appointing a privacy officer at Kongsberg Digital

  • KONGSBERG has established a privacy organization that includes a business area privacy officer at Kongsberg Digital. In close collaboration with the security organization and KONGSBERG privacy organization, the privacy officer is responsible for governing and implementing routines regulating the use of and access to personal data.

Implementing binding corporate rules

  • As a multinational company, we have implemented binding corporate rules to ensure that all data transfers comply with the privacy legislation.

Establishing a privacy statement

Establishing a data processing agreement (DPA)

  • The data processing agreement outlines the responsibilities of the customer as data controller and of Kongsberg Digital as data processor. It describes the nature of the data processing, any sub-processors involved, the rights of data subjects, and how notifications of data breaches and data audits are handled.

Using data centers in Europe

  • In accordance with the GDPR, the data centers we use are all located in Europe.

Changes to the way we work

In addition to the measures outlined above, we train all our employees in the GDPR requirements, and our digital platform, Kognifai, is based on the GDPR requirements and principles. These principles include practices for data classification, encryption, privacy by design, and more.

As a general rule, we collect only the personal data we need to provide basic services such as billing, authentication, and authorization. We will only use personal data for the purpose it was originally collected for and will, of course, provide customers and individuals insight into their data upon request.

About the writer
Kurt Swakhoven
Kurt Swakhoven is Vice President of Digital Platform at Kongsberg Digital. He is passionate about digital platforms and makes sure that both partners and customers benefit from the latest developments and advances in our digital platform Kognifai. Kurt holds an MBA from the Edinburgh Business School and earned a Bachelor in Electrical Engineering from Enschede University in the Netherlands. Previously, Kurt worked at Visma Software International as development director.