What is GDPR ?
The European Union General Data Protection Regulation (GDPR) intended to bring in sync data privacy laws & rules across Europe more efficiently replaces the Data Protection Directive 95/46/EC.
It changes the way enterprises & companies in the region abide with data privacy, by allowing all EU citizens to keep their data safeguarded.
Starting from 25th May 2018, the EU introduces GDPR for all EU residents to protect their data empowering them to uphold the fundamental right to privacy. Although very severe, this law is brought in and strictly enforced by the EU to control the usage of personal information of both citizens & visitors captured, managed and stored. This much discussed law is applicable to every enterprise within the EU or transacting with the EU or offering products & services to EU residents & visitors and collect & process personal data during these collaborations. As a bottom line this law puts citizens in charge of how their personal information is put to use.
Commitment Statement
At the DotStore we believe in establishing associations with customers & partners based on trustworthiness, confidence and complete visibility making this the chief reason of our long standing collaborations. The DotStore is committed to comply with the applicable GDPR regulations from <em>25th May 2018</em>. Our assurances related to data security & privacy extend across the globe abiding by multiple laws and now amongst those also the GDPR.
GDPR Quick Facts
A few quick facts about this very authoritative change and the actions we take to integrate this into our offerings.
The Private Data that the GDPR Protects
A very responsible list of data which could have been unsuspectedly exposed is now to be protected by the GDPR.
- Name, address or ID numbers - the very basic information
- Genetic data inclusive of health records
- Biometric data
- Ethnic or Racial data
- Web based data such as cookies, IP address, oction, RFID tags
- Opinions of political nature
Enterprises Bound by the GDPR
It becomes mandatory for all enterprises storing or processing personal information of the EU citizens within EU states need to abide by the GDPR. The company may or may not have a business presence directly within the EU.
Enterprises Needing to Fulfil the GDPR Expectations location- Presence in any of the EU countries
- No presence in the EU, However, Organization processes personal data of European residents
- Employee strength exceeds 250
- Employee strength is less than 250, however, its data-processing activities have an impact on the freedom and privileges of the members and or includes speacific personal data sensitive in nature
The DotStore Approach
As an agile & reliable software service provider, our methods are fully derived to be in accordance with the GDPR and we take on the responsibility to maintain the safety & security of your valuable data. Integrity is our fundamental value and makes up the very essence of our corporate philosophy keeping us dedicated to base our relations around this approach.
Our policies have been restructured to support you in comprehending your privacy rights in a systematic way in accordance with our continuous efforts to maintain GDPR compliances. We understand the vital aspects of safeguarding personal data by leveraging security, privacy, confidentiality, availability & integrity in businesses now ruled by data. This is the reason our systems, methods, tactics & processes are constantly modified to enable us offer services with undisputable trust with no exceptions made to the security and privacy of the data we handle.
Our primary goals focus on integrating the below critical components to make our processes reliable enough to handle customer data & systems.
We design a GDPR framework with specific milestones to assure GDPR readiness for all our customers & partners to help them manage privacy & security of their personal data with a remarkable reduction in breaches.
Analysis- Our experts help you conduct GDPR privacy & risk assessments that cover people, processes data. governance and security to help chart further roadmap
- Develop processes, procedures & tools.Help improvisation in processes & conduct GDPR trainings
- Support with continual reporting via auditing, assessing & evaluating adherence
- Help plot an implementation plan & derive new GDPR compliant standards covering each facet of the business
- Monitoring & execution of inscope business processes.This includes manging permissions & data subject access rights in adherence to an operational framework
We bring in GDPR readiness into your systems by conceptualizing thorough & agile processes into our own methodologies.
We begin by evaluating the real picture- Identifying personal data or Personally Identifiable Information (PII) of the data subject
- Conducting GDPR awareness trainings
- Analyze risk & requirement of new controls by conducting Privacy Impact Assessment (PIA)
- Address applicable rights of data subjects by adapting to consent management techniques
- Privacy Impact Assessment (PIA) subject to periodic review
- Reconfirm the privacy & protection of data by making the relevant changes
- Updates to privacy policy with the PIA as a baseline
- Present our GDPR framework and revise our agreements with the client based on GDPR compliance
- Agility in Implementation
- Regular review of Privacy Impact Assessment (PIA)
- Enhancing security measures with PIA as a baseline
- GDPR framework subject to periodic review
- Analyzing measurable objectives in a periodic manner
The GDPR is a complex regulation, and we are working extensively to be sure that all our services abide with this new regulation. The privacy and security of our clients, their customers, partners and candidates are of utmost importance to us.
- We conduct thorough reserch into how the solutions and service we offer may be impacted by GDPR
- Development of a strategy addressing the areas in our company impacted by GDPR is the foundation of this exercise.
- Creation of a precise inventory of all personal information that we control remains a chief task.
- We conduct rewriting and updating our privacy policy periodically.
- Implementation of an email subscription center becomes a critical part to mange optional participations.
- Performating all necessary changes to our internal processes & procedures to achieve and maintain compliance with GDPR.
- Updating our websites to be GDPR compliant in terms of the capturing and tracking of personal data is a mandatory process.
GDPR for You
The DotStore, enures that you remain GDPR aware & compliant at all times and charts out continuous processes for this.
Get to know GDPR
Familiarize yourself with the provisions of the new regulation, particularly how it may differ from your current data protection obligations and consider the relationships you have with your stakeholders.
Audit your data & processes for data capture
Consider creating an updated and precise inventory of all personal information that you control
Review your current controls and processes to ensure that they’re adequate and build a plan to address any gaps.
Stay informed
Stay abreast of updated regulatory guidance as it becomes available and consider consulting a legal expert to obtain assistance that is relative to your unique circumstances
If you are a company outside of the EU, the regulation still affects you.
The provisions of the GDPR apply to any organization that processes the personal data of individuals within the European Union, including tracking their online activities, regardless of whether the organization has a physical presence in the EU
Commitment Continues
Our pledge for security, data privacy and governance solutions mean that we empower our partners & customers by keeping them effective at all times.
The EU GDPR is already in effect since 25th May 2018 and to follow it we have our comprehensive compliance framework for all our services & products. To guarantee that we extend support to all our customers for GDPR, we examine & modify all our offerings and also define processes to ensure GDPR readiness while keeping all stakeholders actively involved.
Data protection principles are fundamentally a part of our own offerings as well as our methodologies and become a part of our on going assurance to privacy by design.