General Data Privacy Regulation (GDPR)

The General Data Privacy Regulation (GDPR) is a data protection and privacy regulation set in EU law. The GDPR is intended to unify regulations across the European Union. The regulations define a set of rights for individuals and responsibilities for the controllers and processors of personal information. These rights and responsibilities broadly include the following:

  • Right of Access
  • Right of Erasure
  • Data Portability
  • Data Protection by Design and Default
  • Records of Processing Activities

An important point for global companies is that GDPR extends its scope to foreign companies that control or process the data of EU residents. In the context of GDPR, Loftware Enterprise SP (Loftware) is the data processor. You, as the Loftware Enterprise SP customer, are the data controller. The personal data that may be stored in Loftware Enterprise SP include names and email addresses.

Loftware Enterprise SP gives you the tools to help you comply with GDPR. When you enable GDPR compliance, you can encrypt the database connections and personal data of users and redact the information of deleted users. To enable GDPR compliance, see Configuring for GDPR Compliance in the Loftware Enterprise SP Installation and Configuration Guide.

Important! Enabling Loftware Enterprise SP's GDPR features is just a part of complying with these regulations. It is your responsibility to research your company's responsibilities when it comes to controlling personal data and complying with GDPR. Loftware cannot guarantee you will be in complete compliance after enabling the GDPR features in Loftware Enterprise SP.

Electronic Record Processing

Many global businesses must comply with regulations other than GDPR regarding electronic data. Businesses that produce food or medicine likely need to comply with the United States' CFR 21 Part 11 rules. These rules may dictate how long you must retain information, including eSignature. When you are configuring Loftware Enterprise SP for GDPR compliance, you must understand all of your business's responsibilities for electronic data handling. Loftware Enterprise SP is flexible in that it lets you choose where the personal information of deleted users is redacted.

Best Practices in Protecting Your Loftware Enterprise SP Data

Even if you are not required to comply with GDPR or CFR 21 Part 11, there are some common-sense steps you can take to protect the data you store in Loftware Enterprise SP, including the personal data of your users.

  • Change the default password of your SuperAdmin or ClientAdmin user. For more information, see Change a User's Password.
  • Back up your data at regular intervals.
  • If you provide a default password to users, make sure they change the password the first time they sign in.
  • When configuring email devices, do not use personal email addresses. Configure generic addresses that do not contain personal information as the From and To addresses.
  • When configuring integrations, do not use personal email addresses as Run As users.
  • When configuring Event Email Producers and Event Email Consumers, do not use personal email addresses.