WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The main difference is that the regulation puts more onus on organizations to seek and record permission and to be transparent about what data is stored and used, how, and for how long. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The General Data Protection Regulation came into effect on 25th May 2018 and affects all organizations that hold data on individuals. The UK government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
CONFORMANCE TO GDPR
As a responsible and professional company, it is imperative we understand and keep up to speed with the rules and obligations of the GDPR. We take the GDPR very seriously. We have put systems in place to monitor and ensure that our data is compliant.
At the moment, the full details surrounding the new regulation and its impact on the industry are not clear but the company’s internal process and policies will be adjusted as further information becomes available. This is a living document and we are working to expand it in key areas.
ENSURING WE CAN
- Easily locate and amend/delete contact details and inform third parties to do the same.
- Privacy notices remain accurate and up to date with the latest GDPR requirements.
- Individuals have access to their personal data so that they’re aware of and can verify the lawfulness of the processing.
- Information, if requested, is provided without delay, within a month of receipt, and free of charge.
- Immediately analyze any complaint regarding how information is used and provide a full explanation regarding the use of the individual’s information, its source and its relevance to a use or marketing purpose.
- Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
- Clearly inform an individual and provide the right to decline when data is being shared with third parties.
- The ‘right to be forgotten’ enabling an individual to request that personal data is deleted or removed.
- To stop processing data if an individual contests the accuracy of the personal data; processing will stop until the accuracy of the data has been verified and approved.
- To provide data in a structured, machine-readable format such as a CSV file.
- Stop processing data as soon as an objection is received.
- To deal with an objection at any time and free of charge.
- Inform individuals of their right to object in privacy notices and at point of first communication.
Data is to be deleted from the database when:
- The data is no longer necessary in relation to the original purpose it was collected for.
- The individual withdraws consent.
- The individual objects to the processing and there’s no valid reason for continuing.
- The personal data was unlawfully processed (a breach of GDPR).
- The data has to be erased to comply with a legal obligation.
- If data that is subject to an erasure request has been disclosed to third parties, we contact those third parties regarding the data and request its deletion.
DATA COLLECTION CONSENT
The GDPR sets a high standard for consent. Doing consent well puts individuals in control, building customer trust and engagement, which enhances reputation.
- Offering individuals genuine choice and control.
- Requesting a positive opt-in, not a pre-ticked box or other method of consent by default.
- A very clear and specific data opt-in statement.
- Name any third parties who will rely on the consent.
- Make it easy for people to withdraw consent.
- Keeping evidence of consent (who they are, when they provided their details, how they provided them and who they may have been shared with).
- Always review and refresh consent statements as and when anything changes.
- Avoid making consent a precondition of a service.
RESPONSIBLE DATA PROCESSING
Mobility Holdings, Limited has implemented many updates to our policies and controls and feels that we are compliant with the new rules that came into force on 25th May 2018.
DESCRIPTION OF PROCESSING
We process personal information to enable us to produce and distribute printed material; promote our services; maintain our accounts and records; and support and manage our employees.
We sometimes need to share the personal information we process with the individual themselves and also with other organizations. Where this is necessary, we are required to comply with all aspects of the General Data Protection Regulation (GDPR). It is necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the General Data Protection Regulation.
Any Mobility Holdings GDPR-related questions and any data subject requests can be addressed to Mobility Holdings’ Data Protection Officer at firstname.lastname@example.org