The EU General Data Protection Regulation (“GDPR”), effective 25th May 2018, specifies the most significant changes to data protection law introduced by government in the past two decades. The regulation is primarily concerned with data and with safeguarding its privacy whenever it is used by organizations. Shaped by digital transformation, the new GDPR follows a risk-based approach to meeting its requirements.
Enacted with the aim of standardizing laws on data processing and protection, it requires organizations to respect user rights before accessing personal information, thereby strengthening those rights. We, at Stridely Solutions, believe in following all regulations ardently. Accordingly, our organization adheres carefully to GDPR compliance.
Our Commitment
Stridely Solutions strives to prioritize the privacy of user data. We always adhere to the norms of data protection, introducing stringent policies to make sure that our operations comply with the law and do not go beyond the data protection principles.
We at Stridely Solutions are well aware of the new regulations imposed by the law and ensure that all our practices are in line with the rules, safeguarding all user data. We hereby summarize our objectives and aims for GDPR compliance. This statement covers the steps, procedures, measures, and policies undertaken by everyone in our organization. We make sure that these abide by the GDPR, emphasizing security and the data protection act. We aim to be fully compliant with the GDPR by 25th May 2018.
We Adhere To
01 – Information Audit
An end-to-end assessment is conducted throughout the organization. We have created an inventory of the data stored in our organization in order to identify the person it concerns, the purpose for which it is held, and its nature. We make sure that all information held in our organization is handled in accordance with the new data protection policies and procedures. The main intent behind conducting the information audit is to revisit the existing data and ensure that it meets all the clauses specified in the new policy.
The major ones include:
02 – Data Protection
The main purpose of GDPR compliance is to ensure that all data held by the organization is secured and protected. We confirm that the data protection measures undertaken by us meet the requirements of the GDPR. Further, sufficient governance measures have been adopted, and we are aware of our obligations and exercise our responsibilities in order to satisfy the privacy protocols.
03 – Data Retention & Erasure
Since the release of the new policy, Stridely Solutions has also updated its retention policy so that all of the principles associated with ‘data minimization’ and ‘storage limitation’ are met. We further state that our clients’ information is stored securely and, when no longer required, is destroyed compliantly and ethically.
04 – Data Breaches
We confirm that our procedures for dealing with breaches are up to date. We have put in place all the measures needed to assess, identify, and report breaches as and when they occur. We have adopted clear rules, which are also distributed among employees to make sure that they abide by them.
05 – International Data Transfers & Third-Party Disclosures
Having offices in 3+ countries and 18+ cities, we take immense care of data when it is transferred from one location to another. We make sure that the data is encrypted and accessed only by authorized individuals. We conduct strict due diligence checks on the recipients of personal data to confirm that all of them are safe and that the information is well protected.
06 – Subject Access Request (SAR)
We have revised our Subject Access Request procedures to provide a 30-day timeframe within which the requested information is given to the person concerned. The new process helps us validate the data subject, identify the measures to be taken when processing the request, highlight any exemptions, and provide a complete response template that ensures consistency and adequacy for data subjects.
07 – Legal Basis for Processing
Processing activities are reviewed periodically to make sure that the legal basis for each activity remains appropriate. Where required, we also maintain a record of all processing activities. This helps us verify that we meet all of the obligations laid down under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill.
08 – Privacy Notice/Policy
Significant revisions have been made to our Privacy Notice(s) to meet the requirements outlined in the GDPR. We make sure that users are informed about what data is being used, why it is used, and the rights they have.
09 – Obtaining Consent
We have also made changes to the consent mechanisms used when obtaining personal data. We go to great lengths to make sure that each individual is aware of their rights and knows that we hold their data and why. Only after they have understood this do we seek their consent as confirmation.
10 – Direct Marketing
Direct marketing processes have been changed to use opt-in mechanisms for marketing subscriptions. For subsequent marketing materials, an opt-out mechanism is provided.
11 – Data Protection Impact Assessments (DPIA)
Stringent protocols have been implemented to make sure that high-risk data is processed carefully. We strive to fully comply with the requirements of Article 35 of the GDPR. An additional documentation process has been implemented to keep track of all records, enabling us to rate the risk of the data and take measures to reduce it.
12 – Processor Agreements
To meet the GDPR obligations, we have drafted Processor Agreements supported by due diligence procedures. Where we use third-party tools to process users’ personal information, we adhere to the same obligations. The process includes reviewing existing and ongoing services and outlining the technical and organizational measures that those processes must follow to meet the requirements of the GDPR.
13 – Special Categories Data
Special category data is processed only when necessary, and only once it has been identified as special category data at the point of collection.
Data Subject Rights
In addition to the above, our entire team makes sure that all of the rules and policies are duly followed. We enforce rules and policies to ensure that everyone in the organization adheres to the GDPR and that users can exercise their data protection rights. Users are given easy access to the means of exercising those rights.
Users have easy access to, and the right to know about, all of the data we hold on them. They can also ask us about:
- What personal data we hold about the
- The purposes of the data processing
- Which categories of data are required
- All of the recipients who might access or view the data
- How long we retain their data
- The source from which we obtained their data (if not from them directly)
- The right to have incomplete or inaccurate data corrected upon request
- The right to complain or to seek judicial remedy if they believe their data is being misused