The General Data Protection Regulation (GDPR) is an EU legislative initiative aimed at giving EU citizens more power and authority over their data. Organizations that handle statistics on EU citizens will be required to follow data and privacy guidelines under this bylaw.
Changes to the Privacy Policy are one of the GDPR’s key requirements, and Hitech-Articles(a subsidiary of Marketboats) has accepted and updated the same to reflect GDPR requirements. We also follow its key law, which requires industries to keep EU citizens informed about how they collect, use, share, protect, and process their personal data.
We are committed to delivering a uniform and compliant approach to data protection as well as maintaining the security and protection of the personal information that we process. We have always upheld an effective and efficient data protection program that complies with existing law and upholds the data protection principles, but we are conscious of our responsibility to update and expand this program to meet the requirements of the GDPR as well as all other compliance laws.
Hitech-Articles(a subsidiary of Marketboats) is committed to protecting the personal data that falls under our purview and to creating a data protection framework that is efficient, appropriate, and shows understanding and respect towards the new regulation. The development and adoption of new data protection roles, policies, procedures, controls, and measures are among our preparations and goals for GDPR compliance, which are summarized in this statement. These steps are aimed at achieving optimum and continuous adherence.
Hitech-Articles(a subsidiary of Marketboats) currently maintains a consistent level of data protection and security throughout our organization; however, it is our goal to achieve and maintain full GDPR compliance.
Information Audit – Conducting a company-wide information audit to discover and evaluate what personal information we have, where it came from, how and why it is processed, and whether or not it is disclosed to whom.
Policies & Procedures – [Revamping/Implementing new] data protection procedures and policies to comply with the criteria and norms of the GDPR and any other applicable data protection laws, including:
Data Protection – Our main policy and procedure document for data protection has been revamped to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to guarantee that we understand and adequately disseminate and evidence our responsibilities and duties, with a dedicated focus on privacy by design and individual rights.
Data Retention & Erasure – We have revised our retention policy and schedule to ensure that we adhere to the principles of “data minimization” and “storage limitation,” and that personal information is stored, archived, and destroyed in a compliant and ethical manner. We have dedicated erasure procedures in place to comply with the new ‘Right to Erasure’ obligation, and we are aware of when this and other data subjects’ rights apply, as well as any exclusions, response timeframes, and alerts.
Data Breaches- Our procedure ensure that we have security measures are in place to identify, assess, investigate, and report any personal data breach as soon as possible. Our procedures are robust, and they have been distributed to all employees, so they’re aware of the reporting lines and steps to take.
International Data Transfers & Third-Party Disclosures – Hitech-Articles(a subsidiary of Marketboats) stores or transfers confidential info outside the EU, we use strict procedures and safeguards to secure, encrypt, and maintain the data’s integrity. Our procedures include a continuous review of countries with sufficient adequacy decisions, as well as provisions for binding corporate rules, standard data protection clauses, or approved codes of conduct for those countries that do not have them. We conduct stringent due diligence checks on all recipients of personal data to assess and verify that they have adequate safeguards in place to protect the information, ensure enforceable data subject rights, and provide effective legal remedies to data subjects where applicable.
Subject Access Request (SAR) – We have revised our SAR procedures to cater to the revised 30-day timeframe for providing the information requested, as well as to make this service available for free. Our new procedures explain how to verify the data subject, how to process an access request, what exemptions apply, and how to use a suite of response templates to make sure that communications with data subjects are compliant, consistent, and adequate.
Legal Basis for Processing – We are reviewing all processing activities to determine the legal basis for processing and to ensure that each basis is applicable to the activity to which it relates. We also keep records of our processing activities, where applicable, to ensure that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
Privacy Notice – To comply with the GDPR, we have revised our Privacy Notice(s), ensuring that all individuals whose personal information we process are informed of why we need it, how it is used, what their rights are, who the information is disclosed to, and what safeguarding measures are in place to protect their information.
Obtaining Consent – We have maintained and strengthened our consent mechanisms for collecting personal data, ensuring that individuals understand what they are providing, how and why we use it, and providing clear, defined ways for them to consent to us processing their data. We have developed strict processes for recording consent, ensuring that we can demonstrate an affirmative opt-in, as well as time and date records; and an easy-to-see and accessible way to withdraw consent at any point.
Direct Marketing – We [revised] the wording and processes for direct marketing, which include clear opt-in mechanisms for Marketing subscriptions, a clear notice and method for opting out, and unsubscribe features on all subsequent Marketing materials.
Data Protection Impact assessments (DPIA) – where we process high-risk personal information, involve large-scale processing, or involve special category/criminal conviction Data; we have developed compliance level and assessment templates for conducting impact assessments that fully comply with Article 35 of the GDPR. We have implemented documentation processes that allow us to record each assessment, rate the risk posed by the processing activity, and implement mitigating measures to reduce the risk posed to data subjects.”
Processor Agreements – Where we use a third party to process personal information on our behalf (for example, payroll, recruitment, hosting), we have drafted compliant Processor Agreements and due diligence procedures to ensure that they, as well as we,” meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the need for the processing activity, the technical and organizational safeguards in place, and GDPR compliance.
Special Categories Data – We obtain and process any special category information in full compliance with Article 9 requirements and have high-level encryption and protections in place for all such data. Special category data is processed only when necessary, and only after we have identified the appropriate Article 9(2) basis or Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, it is explicit and verified by a signature, with the option to modify or withdraw consent clearly stated.
Hitech-Articles(a subsidiary of Marketboats) takes individuals’ and their personal information’s privacy and security very seriously, and we take every reasonable measure and precaution to protect and secure the personal information that we process. We have strong information security policies and procedures in place to protect personal data from unauthorized access, alteration, disclosure, or destruction, and we have multiple layers of security measures in place, including: –
SSL, access controls, password policy, encryptions, pseudonymization, practices, restriction, IT, and authentication are on all levels of our organization.
The teams are responsible for promoting awareness of the GDPR across the organization, assessing our GDPR readiness, identifying any gap areas, and implementing new policies, procedures, and measures.
Hitech-Articles(a subsidiary of Marketboats) understands that continuous employee awareness and understanding is vital to continued compliance with the GDPR and have involved our employees in our preparation plans. We have implemented an employee training program specific to them which will be provided to all employees prior to May 25th, 2018, and forms part of our induction and annual training program.
If you have any questions about our preparation for the GDPR, please contact privacy@marketboats.com