GDPR includes six key principles that govern how organisations should treat the personal information of individuals.
It is the responsibility of the Data Controller (customer of RMS) to ensure that an individual's personal information is:
RMS provides high levels of security in respect to user login and data encryption to prevent data from being read, copied, altered or deleted by unauthorised parties during transmission. RMS encrypts storage to further safeguard against data breaches.
The Data Controller (RMS customer) must decide on the appropriate time duration to retain personal data.
RMS provides configuration options for implementing individual policies.
GDPR does not define the time period for the stipulation that an individual's personal data should be held for no longer than is required for the purpose that it was obtained.
In the unlikely event that personal data is obtained from either a breach of security procedures at the property or from the RMS data centres, GDPR requires that the Data Controller (RMS customer) shall without undue delay and where feasible, notify the supervisory authority no later than 72 hours after having become aware of the breach. When the personal data breach is likely to result in a high risk to the individual's (Data Subject's) rights and freedoms, the Data Controller shall communicate the breach to that person without undue delay.