Overview:
The General Data Protection Regulation (GDPR) is a data privacy and security law passed by the European Union on May 25, 2018, imposing strict security standards and penalties on organizations across the globe. With the GDPR, the EU has taken a firm stance on data privacy and security at a time when people entrust their personal data to cloud services and breaches have become a daily occurrence.
The right to privacy is part of the 1950 European Convention on Human Rights, which states, “Everyone has the right to respect for his private and family life, his home and his correspondence.” Therefore, as technology progressed, the EU recognized it was time for modern protections and rules to safeguard this right.
The GDPR uses the following legal terms for the data, activities, and parties it regulates:
- Personal Data: Any information that relates to an identifiable individual, such as gender, biometric data, religious beliefs, web cookies, political opinions, or location.
- Data Processing: Any action performed on data (collecting, recording, organizing, structuring, storing, using, erasing, etc.), whether automated or manual.
- Data Subject: The individual whose personal data is stored or processed, such as a visitor to the site.
- Data Controller: The person or organization that decides why and how personal data is handled, and that must seek consent from individuals before using their data.
- Data Processor: Any third party that processes personal data on behalf of the data controller and must strictly comply with the GDPR while doing so.
Aktiv Software’s Commitment:
We at Aktiv Software are continually working towards being GDPR-compliant. Whenever we process data, we adhere to the seven protection and accountability principles outlined in GDPR Article 5(1)-(2):
- Lawfulness, Fairness, and Transparency: The data we process will be handled lawfully, fairly, and transparently towards the data subject.
- Data Usage Limitation: We will process data only for legitimate purposes, which we specify explicitly to the data subject when we collect it.
- Data Minimization: We will collect and process only as much data as is necessary for the purposes specified.
- Accuracy: We will keep personal data accurate and up to date.
- Storage Limitation: We will store personally identifiable data only for as long as necessary for the specified purpose.
- Integrity and Confidentiality: We will process data in a way that ensures appropriate security, integrity, and confidentiality (using encryption, two-factor authentication, a data privacy policy, etc.).
- Accountability: As data controllers, we are responsible for demonstrating GDPR compliance with all of these principles.
Aktiv’s GDPR Checklist:
Transparency & Assessment | Data Security & Consent Management | Accountability and Governance | Privacy Rights
- Conduct an information/data audit to determine the purpose of data processing, what sort of information we may process, and who will access it within or outside the organization.
- Review the provisions on data processing activities in GDPR Article 6 and Articles 7-11 and justify the purpose of each processing activity.
- Explain clearly to people how we collect their data and why (Article 12), how the data is processed, who has access to it, and how we keep it safe.
- Appoint a Data Protection Officer within the organization who will be accountable for GDPR compliance.
- Sign a data processing agreement between our organization and any third party that processes data on our behalf.
- Keep data up to date, verifying the requester’s identity when a request is made.
- In line with our legal obligation, honor individuals’ requests to delete their data from our database.