atwork and the GDPR compliance
What is GDPR
The European Union General Data Protection Regulation 2016/679 (GDPR) applies to all organizations that collect data from EU residents, including organizations based outside the EU. GDPR harmonizes different data privacy laws across European countries and requires businesses to re-evaluate what they do.
Users basically have the right to be informed, the right to access, the right to object to and to restrict data processing, and the right to be forgotten. See more at https://www.eugdpr.org.
What data is affected
Personal data can refer to a number of details such as name, birthdate, home address, email address, bank details, IP address, and even nicknames, as well as sensitive data such as photos, biometric or medical information.
atwork and the GDPR compliance
We at atwork take data protection seriously. We fully comply with the requirements defined in the EU GDPR. All our services and data are protected by design. We rely on standardized cloud services that fulfill all modern security certifications and guidelines. Since most of our services are hosted in the Microsoft cloud, the following certifications and measures are used. Pls. see
For communication with interested persons, partners and customers, atwork usually stores contact data such as names, emails and addresses. When a request comes in, atwork informs the requester about personal data usage. If required, any personal data will be deleted as defined in the process below.
Contact and Data Protection Officers (DPO)
At atwork, our Data Protection Officer is:
Kreilplatz 1, 1190 Vienna, Austria
Mrs. Doris Schlaffer
Tel: +43 1 3708390
For more information, please contact us by email at email@example.com, by phone, or in written form sent to our business address.
Any user of atwork services can request information about their personal data, or request that it be deleted, at any time. atwork provides an online form for such requests, with standardized processes behind it. Users can open www.atwork.at/gdpr, enter their name, their email address, the request type and a memo field, and send it, similar to this:
Name: [John Doe]
Type: ( ) request my user info (x) delete my user data
Message: [please delete my user data in your systems]
Once this is done, the user gets an email confirming that the process was started, and gets a response when the request has been executed. In case of questions, the email contains contact information, and the user can contact our DPO or our colleagues at atwork directly.
All requests are collected in a central list. The central list of user requests is the basis for any operation.
- Every request is stored in a central list in atwork’s intranet system https://cloudexperts.sharepoint.com/sites/atworkat/.
- For an information request, the user gets an email from the DPO answering the request. Specific tasks might follow if needed.
- For a deletion request, some automatic deletion tasks are started, and the DPO walks through the checklist to delete or anonymize any personal data that might be stored in any of the systems listed below.
Once a request is fully executed, a “finished” flag is set, and the user gets the final notification via email with the result of his request.
Under GDPR, a data breach is defined as “the result in a risk for the rights and freedoms of individuals”. Data breach notifications are mandatory and must be made within 72 hours of first having become aware of the breach. If data is leaked, atwork files a report with the local data protection authority at www.dsb.gv.at. The incident is also entered into the central list.