The European Union’s General Data Protection Regulation (GDPR) will both unify and restrict the processing of personal data within the EU. The transitional period for the GDPR will end on 25 May 2018. After this, the data protection regulation will come into effect, and all organisations in Finland as well as the rest of the EU must abide by it.
The new regulation will bring with it new responsibilities for our customers as data controllers, and for Apix Messaging Oy (hereinafter “Apix”) as a data processor. Personal data covers all information that can either directly or indirectly be identified as concerning a specific person.
As a business documentation and invoicing service provider, Apix is a processor of personal data. Our customers, on the other hand, are considered data controllers due to the personal data they input into the Apix system. The GDPR primarily concerns data controllers. This means that as data controllers you must inform your personnel and customers of your data security practices according to your own protocol.
The data protection regulation requires that a data controller and a data processor sign a mutual data processing agreement (DPA). This considerable change to previous legislation concerns all of Apix’s customers. To make documentation easier for our customers, we have drawn up a DPA on your behalf. This agreement covers all the details required by the GDPR concerning the outsourcing of personal data processing. If necessary, this agreement can be supplemented with the data controller’s own instructions and clauses.
The DPA will be appended to our service agreements, and it will not in any way affect the content of the agreed upon services or any other customer-specific conditions.
The update to our contract structure required by the GDPR will not require any actions on your part, in case you accept the principles of personal data processing outlined in the appendices. The changes outlined in the personal data appendix will come into effect after the notice period defined in the terms of agreement, but at the latest on 25 May 2018, when the GDPR comes into effect.
- Data protection appendix for Apix service agreements
- Guidelines for processing personal data
- Apix data security protocol
In case you have any further questions concerning the terms of agreement or other personal data processing statements, please contact our customer service.
(09) 4289 1324
Apix Messaging Oy