The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018. Anders Electronics details steps it has made to meet this regulation.
The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 and superseded the Data Protection Act 1998. GDPR will apply despite Brexit, and will impact all organisations that control or process personal data. It will grant data subjects a range of new rights, giving them more control over how their data is used. Organisations will be subject to new responsibilities and obligations, including the need to demonstrate compliance.
What are Anders Electronics doing to meet compliance?
We are committed to protecting and respecting the privacy of individuals, and take our obligations under data protection legislation seriously. We understand and welcome the high standards that GDPR will promote and encourage across all organisations that process personal data. We have reviewed (and updated where necessary) all our internal processes, procedures, data systems and documentation to ensure that we are GDPR compliant.
We will ensure that:
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual’s consent and rights
- Data is kept secure
- Data subjects have full access to any information held about them
- Subjects have the right to have data deleted or transferred
Data Review - We have carried out an extensive review of all personal data we hold, ensuring what we hold is relevent to contractural obligations and for processing relevent information according to products/services we provide and and any data deemed to not be in use has been deleted from our systems. All personal data is held on secure, encrypted systems and all our staff have been trained on the storage and access of this information.
Third Party Review - We have conducted an analysis of third parties who process data on our behalf, and updates to contractual positions to ensure that we (and our customers) are protected as best as is possible. In addition to this, we are updating our policies to give our customers the assurances required under GDPR.
Process Updates – Updates to our existing procedures to ensure we have the tools to maintain compliance with GDPR. This includes the appointment of a new Data Protection Officer, and a review of our existing policies such as our data and IT security.
Data Capture - All data capture thorough our website is now completely transparent, fair and secure. Only information relevent to a customer's enquiry or contractural obligations will be sent and and customers have a clear option to opt-out of any or all communications - which will be logged on submission.
Access to Personal Information – Ensure that it is easier and quicker for data subjects to exercise their rights.
Questions, comments and requests
If you would like to speak with us about our GDPR Statement please contact us at firstname.lastname@example.org