General Data Protection Regulation (GDPR)

 

GDPR: Protecting your data

The GDPR is an EU Regulation (replacing the 1995 EU Data Protection Directive (DPD)) that governs how organisations in EU countries capture, process and hold personal information. The UK government has confirmed that Brexit will not affect the commencement of the GDPR.

GDPR at a glance:

  • Came into effect on 25 May 2018
  • Applies to every individual and company
  • Places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability
  • Expands liability beyond data controllers (individuals are responsible for any personal data that they come into contact with eg: prospect information)
  • Makes no distinction between B2C personal data and B2B personal data.

Four important changes:

  • For all of the data we collect, we first have to make sure that we have a lawful reason to process it.
  • The “Right to be Forgotten”, which allows you to ask us to delete all of the data we hold on you.
    It’s worth noting that if we have data to fulfil a legal obligation we can refuse to erase it.
  • The “Right to Data Portability”, which allows you to ask for your data held by us to be collected in a common format and given to you. This doesn’t apply to data we hold to fulfil a contract.
  • GDPR is enhancing the Access Request right as well. We will not be able to charge for the processing of your data requests unless we can demonstrate that the cost(s) will be excessive. We will have 30 days to complete the data collection process. We still reserve the right to deny access requests if they prove excessive.

What does this mean for you?

Your data is protected more now than ever. You can also ensure that, within the EU, your data is in safe hands. If you ever feel that you would not like to give your data, simply don’t. If you ever authorise the collection of your data, and then decide to revoke a company’s access to that data at any time, you can. You remain in control.

Our commitment and your rights

ITDA is committed to ensuring the security and protection of personal information and the data that we process. While we have always had a robust data protection policy in place, which has complied with or exceeded existing data protection legislation, we recognise your need to know that your personal information is secure. You can see our Privacy Policy here, and download our Data Processing Agreement (DPA) here (open with Adobe Acrobat if you would like to enter your information).

How can I request my information?

As of 25 May, 2018 we are fully compliant with GDPR. If you would like to exercise your right to access any personal information we hold, including the data source(s), content and how we use it please email gdpr@itda.com.

More Information on GDPR

Should you have any further questions, please don’t hesitate to contact us.