In our system, everyone owns their data, whether related to the business or themselves. Usually, managers handle business data, and employees have their individual data. People are responsible for keeping their data safe and sharing it with others, following privacy rules like GDPR and business ethics guidelines. You can even choose to remove your data once your involvement ends. This way, you control your information, and the system keeps some basic data to improve things while following GDPR rules. It's like being your own legal representative for your data.
This is the design pattern that is core to Cira. The platform is built for the individual to be in control of their own data: how it is generated, for what it is used, who has access to it and what others are permitted to see and use it for (and for how long).
Personal Data
Is any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
Cira separates any personal data from other data and persists it in an encrypted format. The data is encrypted both at the database level and in the business layer - meaning that even if some by has access to the database and is able to decrypt the data there they still can not read it.
Data Portability
Information associated to or generated by an individual should at any time be available for export in a structured (machine readable) format.
Cira provides tools to the users so that they at any given time can export all (or parts of) their own data in a machine readable format (JSON format). This export can be done at any time, with keeping your account or when enforcing your right to be forgotten (see below).
Consent
Information associated to or generated by an individual is owned by that individual and needs consent to be used for anything by anybody else.
Cira encapsulates all the data you generate on the platform and nobody have access to any part of that without your consent. The platform allows you at any given time to share all or parts of your data with anybody for a period of time or until that permission is removed manually. You can decide to share data without revealing your identity or with your identity. A user can also request access to another user's data, but that can only be granted by the user in question.
Right to be Forgotten
An individual user should at any time be allowed to remove all information associated to or generated by that individual.
Cira lets you at any given time decide to delete your user on the platform and erase all traces of you ever being a user. You can when erasing your data decide to keep a copy of that data and the system will send that to your e-mail account for storage (Data Portability).
Cira is GDPR compliant - and then some...
• Continuous Impact Assessment: Built into core design & development.
• Protect by Design: All information is managed and controlled by user him-herself.
• Data Breach Notification: MS Azure regulations & governance (Data Center in Germany); wrapper routines from Hira.
For more on how Microsoft Azure work with Data Privacy, https://azure.microsoft.com/en-us/blog/protecting-privacy-in-microsoft-azure-gdpr-azure-policy-updates/
Copyright © 2024 Cira - All Rights Reserved.
Powered by GoDaddy
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.