General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII).GDPR replaces the 1995 EU Data Protection Directive, and went into force on May 25, 2018.

Following are the things that we are concerned about regarding the policies of (The GDPR)

Information we hold

Lawful bases for processing personal data

*Consent

*Consent to process children’s personal data for online services

*Registration

*Right to be informed including privacy notices

*Communicate the processing of children’s personal data

*Right of access

*Right to rectification and data quality

*Right to erasure including retention and disposal

*Right to restrict processing

*Right of data portability

*Right to object

*Rights related to automated decision making including profiling

*Accountability

*Data processor contracts

*Information risks

*Data Protection by Design

*Data Protection Impact Assessments (DPIA)

*Data Protection Leaders

*Management Responsibility

*Security policy

*International transfers

*Breach notification

Following are the steps that we take in order to make sure that we Comply with all the rules for the ‘GDPC

1.Make sure that key people in our organization (not just in the IT department) appreciate the importance of GDPR and compliance with it.

2.Document the personal data that we hold, where it came from, and who we share it with. To do this we may organize an information audit if
necessary.

3.Review our current privacy notices and make any necessary changes.

4.Check our procedures to ensure that we can accommodate the rights of individuals to be provided with their personal data in a commonly used
format, and that we can delete their data on request.

5.Update our procedures so we can handle those requests within the required timescales (usually one month).

6.Identify the lawful basis for our processing activity in the GDPR, document , and update our privacy notice to explain it.

7.Review how we seek, record, and manage consent, and whether we need to make any changes.

8.Consider how to verify individuals’ ages and how we can obtain parental or guardian consent for any data processing activity.

9.Make sure we have procedures in place to detect, report, and investigate a personal data breach.

10.Understand when to carry out a Data Protection Impact Assessments (DPIA)

11.Designate someone to take responsibility for data protection compliance and consider whether you are required to formally designate a Data Protection Officer.