systems@work & GDPR Compliance


On 25 May 2018, new European data protection legislation comes into force.

Known as GDPR, the EU General Data Protection Regulation is the most significant data protection legislation to be introduced in the past 20 years and replaces the 1995 EU Data Protection Directive.

In summary, the GDPR is designed to strengthen the rights of individuals regarding their personal data and is intended to unify data protection laws across Europe. These laws are intended to protect EU citizens and will apply regardless of where a user's data is processed.

systems@work is committed to GDPR compliance across all our products and services. In addition, we will work closely with our clients and partners as they roll out their GDPR compliance strategy in preparation for May 2018.


How Will GDPR Impact systems@work Clients?

The extent to which GDPR will impact you as a systems@work client will depend in part on the way in which our software is deployed and used in your organisation.

This is because GDPR makes a distinction between two types of roles:

  • Data Controller - The organisation which determines the purposes and means of processing personal data.
  • Data Processor - The organisation which processes data on behalf of the data controller.

There are a number of ways in which systems@work software may be deployed and used in your organisation:

  • On Premise - In this scenario systems@work software is installed and run on servers within your own organisational control. For the purposes of GDPR your organisation will most likely be both the Data Controller and the Data Processor.
  • Cloud - In this scenario systems@work software is installed and run on servers hosted in an external data centre. For the purposes of GDPR your organisation may (intentionally or unintentionally) split the duties, roles and responsibilities of Data Controller and Data Processor with the company that manages your hosted environments. A further complication may arise when the company that manages your environment is itself using the services of third-party SaaS and IaaS providers (for example Microsoft, Amazon or Google).

Data controllers will be responsible for implementing the necessary technical and organisational policies to demonstrate and ensure that any data processing performed is carried out in compliance with the GDPR.

These obligations will relate to general principles such as:

  • Fulfilling an employee's or other data subject's rights with respect to their data.
  • The accuracy of the data.
  • Data minimisation.
  • Limitation of purpose.
  • Transparency & fairness.
  • Lawfulness.

systems@work Product Security

systems@work products have a number of tools and configuration options which can be utilised to further protect employee and other personal data against unauthorised or unlawful processing. These tools include:

Access Profiles

  • These can be used to restrict the options available to administrators relating to employee and user data.

Single Sign On

  • Linking systems@work logins to Active Directory and other SSO directories allows for centralised control and policy enforcement.

Password Control

  • Our software can enforce password expiry, minimum length and format to improve overall system security.

Recommended Next Steps

  • Know Your Obligations Under GDPR
  • Review All Data Held In systems@work Software
  • Assess Current Controls
  • Take Advice
  • Contact Us

Important Disclaimer

It is vital that you seek independent legal advice relating to your obligations and your status under the GDPR as only an accredited legal professional with knowledge of your organisation can provide you with legal advice specifically tailored to your situation. Nothing in this article or on the systems@work website is intended to provide you with this legal advice.