The GDPR (General Data Protection Regulation) gives individuals more control over how their personal data is used. If your organisation processes personal data, the Regulation requires you to provide data subjects with certain information. This typically takes the form of a data privacy statement or privacy notice.
“Privacy Policy” agreements are mandatory because you’re collecting data that can be used to identify an individual, and this data is legally protected around the world.
The legislation is made up of seven key principles (all carrying equal weight), which will replace the eight rules that make up the existing, historically ambiguous directives. Under the new legislation, data processing must involve:
- Lawful, fair and transparent processing – emphasizing transparency for data subjects
- Purpose limitation – having a lawful and legitimate purpose for processing the information in the first place
- Data minimization – making sure data is adequate, relevant and limited, and that organizations capture only the minimum amount of data needed to fulfill the specified purpose
- Accurate and up-to-date processing – requiring data controllers to make sure information remains accurate, valid and fit for purpose
- Limitation of storage in a form that permits identification – discouraging unnecessary data redundancy and replication
- Confidential and secure – protecting the integrity and privacy of data by making sure it is secure (which extends to IT systems, paper records and physical security)
- Accountability and liability – demonstrating compliance