The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law covering data protection and data privacy in the EU and the European Economic Area (EEA). Its scope also covers the transfer of data outside the EU and EEA, in particular the transfer and use of personal data of citizens from the EU/EEA. The GDPR came into effect on the 25th of May 2018.
Key Ideas:
- It was brought into effect to update the data protection regulations of the time; to make these more timely, relevant, robust, and standard for the internet age
- The emphasis of the GDPR is on ensuring compliance by requiring documentation of the processes, systems, and procedures that protect the personal data of individuals held by an organisation
- It also brings into effect enhanced rights for individuals over their data held by an organisation
- Organisations need to be able to demonstrate that the protection of personal data held by them is of utmost importance, and that reasonable, practicable steps have been taken to embed this philosophy into every system, process, or procedure that involves the use of personal data
Key Facts about SELMA:
- Our servers are located in Australia and New Zealand.
- We have determined that we are a Data Processor under the GDPR definitions
- Since our contact with EU citizen information does not form a large part of our operations, we have deemed that an EU representative is unnecessary
Our Response:
Here at SELMA, we are working hard to ensure that we are complying with the GDPR regulations. We want to put the time and effort into doing this right to ensure the protection of your data that has been entrusted to us, not only so that you can rest easier knowing that your information is secure, but also as an opportunity for us to make our business processes more robust as we move into the future.
We are currently:
- Regularly updating our privacy policy to reflect changes to ensure the protection of personal data
- Auditing which of our products/services collect and process personal data
- Ensuring a legal basis for this collection
- Ensuring compliance with obligations to customers as set out in the GDPR
- Updating internal and external notices for GDPR compliance
- Ensuring customer contracts are GDPR compliant
- Providing data protection training for staff
- Checking and building secure infrastructure around systems that collect, process, and store personal data
- Creating internal compliance documentation including data maps and flow charts to gain clear insight into the path through which data flows in our business
- Implementing regular internal compliance audit checks to ensure compliance, document processes, and highlight deficiencies
- Putting in place processes to correct identified deficiencies in our business processes
Beyond these responses, we will keep ourselves regularly informed as to the nature of GDPR regulations and how they affect us as a business, to stay abreast of any obligations that we need to fulfill to become and remain GDPR compliant. We are sure that this will be an ongoing process, and we are delighted to engage with this to ensure the protection of your personal data so that you are confident that your information is in safe and secure hands.