Robert van der Linden, founder of Thinkwise. It is no secret that Thinkwise offers a unique product in the low-code landscape. Forrester research...
Thinkwise Low-Code platform ready for GDPR
Data Sensitivity module helps companies to anonymize personal data
Apeldoorn, 23th May 2018 – Thinkwise enables users of its low-code platform to swiftly comply with the General Data Protection Regulation (GDPR). For this purpose, the Thinkwise Suite has been extended with the Data Sensitivity module, designed to anonymize personal data. This means that it is possible to work in a secure manner with test data during the development of software.
With the upcoming GDPR, it is more important than ever for companies that their IT environment is secure and meets the legal requirements for privacy protection. Thinkwise has set up its own working methods to be GDPR compliant and is now introducing a Data Sensitivity module that allows users of the Thinkwise low-code platform to work securely with personal data.
“The new Data Sensitivity module provides users of our platform a simple way to anonymize the personal data of their customers and partners,” says Robert van der Linden, co-founder and CEO of Thinkwise. “This is an important requirement to be able to comply with the GDPR. As a supplier of a low-code platform, we facilitate a continuous development process, in which privacy protection is essential.”
Software development and GDPR
Thinkwise provides the users of its low-code platform with the appropriate means to satisfy the GDPR requirements and also gives tailored advice on Privacy by Design and Default. In addition, the General Data Protection Regulation lays down the following specific privacy protection requirements when developing new applications.
- Controller-Processer Agreement
It is legally required to sign a controller-processer agreement between the controller (customer/client) and Thinkwise (processor) prior to a software project. This agreement states the responsibilities of Thinkwise as the processor and the responsibilities of the customer as the provider of sensitive data in relation to the risks with regard to the privacy of natural persons.
- Data Protection Impact Assessment (DPIA)
As of 25 May 2018, organizations in the capacity of controller are required to perform a Data Protection Impact Assessment (DPIA) based on 9 criteria. A DPIA helps to identify the privacy risks of data processing, so that the Thinkwise customer can subsequently take measures to reduce these risks.
- Privacy by Design
When developing (new) products and services, organizations should already pay attention to the protection of personal data during the design phase. Organizations need to consider whether it is necessary for the product or service to process personal data or if it is possible to work for instance with anonymized data.
- Privacy by Default
Privacy by Design is largely about data minimization, or about not processing more personal data than is strictly necessary for the intended purpose. The principle of Privacy by Default is part of Privacy by Design, which requires standard settings of software to always be as privacy friendly as possible.
Apart from the new Data Sensitivity module Thinkwise also provides tailored advice to its customers with questions about GDPR compliance. For instance, during the design phase of applications, Thinkwise experts can give advice about the technical and functional measures that contribute to the best possible protection of privacy-sensitive data. Generally speaking, when developing business software, it is advisable where possible to work with anonymized personal data and to use the Privacy by Design Framework of the Privacy Company.