Since 25 May 2018, every country of the European Union must comply with the ‘General Data Protection Regulation’ (GDPR).
This regulation set strict requirements for processing personal data.
Transport in Nood therefore makes use of the ‘Personal Information Protection Portal’ (PIP Portal). An IT solution that manages sensitive personal data in a GDPR-safe way.
The portal runs on Amazon’s (best) secured server in Frankfurt. Since 2013, Amazon’s European cloud capacity has been approved for Dutch banks by the Netherlands Central Bank.
Logging in to the portal requires two-step authentication. On the one hand a username and password, on the other a temporary verification code sent by text message.
Data and documents are stored in the portal using end-to-end encryption. In this way, everything is immediately encrypted.
The portal has a built-in logbook that registers everything. In this way, users know what happens with the personal data and documents stored.
A major advantage of the portal is that documents can be sent directly from the portal as mail.
They are ‘wrapped’ in an encrypted zip file, which can only be opened by the recipient using a code. That code is then sent separately by text message.
With the aid of an ‘authorisation matrix’, it is possible to determine in the poral who has access to which data.
In addition, the portal offers the unique possibility for interested parties (employees) to view their own data (on request) and also see what it has been used for.
The portal has a clear procedure for the removal of personal data, including a 30-day respite period.
That is why every year the portal undergoes an inspection by an independent inspector. The ensuing report is available to the clients of Transport in Nood.
It is not just Transport in Nood that can make use of PIP Portal. Any company or organisation looking for a way to manage the personal data of employees or members in a GDPR-safe way can work with PIP Portal.