Personal data protection
EU’s new General Data Protection Regulation, applied from spring 2018, has been cause for measures at Hansel, as in many other organisations.
A data protection assessment was carried out in regard to the processing of personal data, on the basis of which understanding of the current state of data protection improved, and the effects of the GDPR on the processing of personal data at Hansel have been identified.
Data protection matters have been taken into consideration in the current framework agreements, in accordance with valid laws. The new obligations brought about by the GDPR shall be assessed by Hansel individually for each framework agreement, and framework agreements requiring action shall be reacted to appropriately to ensure that Hansel’s customers can feel safe in the knowledge that their personal data is always processed professionally.
For all framework agreements that are in the middle of a tendering process, the processing of personal data shall be evaluated directly from the perspective of the new data protection legislation.
Hansel and its key stakeholders have prepared instructions for the consideration of the effects of the GDPR on public procurement processes and have produced model terms and conditions for the use of the entire government. These terms and conditions are already being used widely in public administration, and the feedback received has been positive. Currently, Hansel is involved in the preparation of agreement terms and conditions applying to IT acquisitions (JIT 2015). The goal is to incorporate the terms and conditions for the processing of personal data in the JIT 2015 terms and conditions.