We realise that the information on these pages may be very general, dense and difficult to understand for many. Here are some concrete examples, directly from our backlog systems, to show specifically what we've done to our software as a result of the GDPR in general and our risk assessments in this regard in particular.

We've spent hundreds of hours making these and numerous other changes and features.

The following is a representative selection from the backlogs of several of our systems, from ERP systems to mobile apps:

  • Added audit trail functionality for admin user accounts.
  • Added functionality for the customer as data controller
    • to selectively delete personal data.
    • to export personal data.
  • Added functionality for users to delete themselves from systems in certain scenarios.
  • Denied numerous roles, such as quality assurers and support personnel, access to data.
  • Extended user event logs to improve the customer's control over actions performed on data.
  • Added encryption to databases, application layers and connections.
  • Added encryption to personal identification numbers.
  • Provided guidelines for the customer on how best to configure the system in order to be compliant with the GDPR.
  • Entered into data processing agreements with subprocessors.
  • Created lists of all types and categories of personal data processed by the application.
  • Added functionality for the customer as data controller to selectively delete documents (i.e. documents that may contain personal data but no longer need to be stored in accordance with applicable law, such as old payslips and invoices).
  • Added a routine for deleting customer data received in a support case when the ticket is closed.