We’ve had questions from customers lately about whether or not Planday will be GDPR compliant. The answer? Absolutely.
The Planday executive team is committed to Planday’s compliance with the General Data Protection Regulation by May 25, 2018.
We understand that when it comes to compliance, you probably have some questions about which tool is the best choice. We think the answer to that is simple: Planday is the best choice for a secure employee scheduling solution, and we’ve outlined why below.
Planday is already safe and secure
Our compliance will build on the already safe and secure product we have now, ensuring your data and the data of your employees is as secure as possible. Planday complies with national data protection laws in all our markets, and we’re certified under Cyber Essentials, a UK government-backed cyber protection scheme. We’re also registered with the Information Commissioner’s Office (ICO) and Datatilsynet (the Danish data protection supervisory body).
You decide whether we can see sensitive data
Planday employees can only access data on a need-to-know basis, and according to “the principle of least privilege,” which means Planday employees have the minimal level of access to data in order to do their job.
All access to customer data within the Planday product is via consent only. For example, when a Customer Success team member needs to access a customer’s Planday account, the customer must give permission for the CS team member to access that data.
Mandatory data protection training
Everyone who works at Planday has to undergo data protection and privacy training. Employees who can access sensitive customer data must go through even more extensive training on when it’s appropriate to access that information, which they can only do after a customer has given them permission.
We’ve long worked with top data privacy organisations
Planday has long partnered with data privacy specialists and legal advisors on an ongoing basis to ensure continuous compliance with GDPR and other worldwide data privacy regulations. Additionally, we have a third party carry out extensive penetration tests and a security audit on a regular basis.
Your data is safe with us
All customer data is encrypted and backed up to a secure facility. We also use antivirus or malware protection on all machines at Planday. All machines used for software development, or those that come in contact with sensitive data, use encrypted disks.
Customer data is encrypted end-to-end. This means when you enter information in the app, your data is sent to an HTTPS web processor, then stored in a database. Your information will be encrypted throughout that journey, so it can’t be read at any point.
Everyone at Planday, from our CEO to our newest hire, takes data protection very seriously. We’ve baked that into our culture by problem solving, developing and designing our product and processes with protection and security in mind. So, when you decide to sign up for Planday, know that you’re in very safe hands.
Choose your software providers carefully
In order for your business to be GDPR compliant, you must use service and software providers that are also compliant. The consequences of non-compliance are severe, so choosing compliant providers is absolutely key to keeping your business financially afloat.