The path to GDPR Compliance at Sample Solutions
New data protection rules in the European Union, known as the General Data Protection Regulation (GDPR), will take effect on 25 May 2018. The GDPR will introduce new accountability obligations, stronger individual rights, restrictions on international data flows and data breach notification.
The new GDPR does more than simplify compliance and harmonize national laws. It gives individuals control over how their personal data is used. Any entity that is established in the European Union or that processes the personal data of individuals in the European Union will be affected. Some of the changes will include the “right to be forgotten”, data breach notification, data portability, and strong individual rights.
Data protection and privacy are crucial to our business. We therefore commit to handling data in the most accurate way. Our priority is to determine the necessary changes in our system and to adapt our processes and policies so that they comply with GDPR requirements and are implemented in the best possible way.
Sample Solutions Commitment
Sample Solutions strives to continuously improve its processes for delivering telephone samples for RDD, B2B, and B2C projects, as well as for data enrichment. Not only does Sample Solutions follow international research standards developed by professional associations like ESOMAR, AAPOR, and WAPOR, but it has also set out to become certified for ISO 20252 in 2018.
Furthermore, Sample Solutions undertakes to implement appropriate technical and organizational measures that comply with this Regulation. By the time the GDPR comes into force, we will have already implemented its requirements and recommendations.
How is Sample Solutions preparing for GDPR?
At Sample Solutions, we believe that the GDPR is an important milestone in the data privacy landscape, and we are committed to achieving compliance with the GDPR.
We’ve made significant investments to prepare the business for the impending GDPR enforcement deadline this May. This includes conducting a Privacy Impact Assessment, updating our Data Protection Agreement, appointing a Data Protection Officer, assembling a GDPR Taskforce, and dedicating engineering resources to enhance the platform with additional GDPR compliance features.
Our team works constantly to ensure that the data we process is handled in a lawful, fair and transparent manner by:
• Taking appropriate technical and organizational measures in order to comply with this Regulation;
• Informing and advising data processors and employees of their obligations under the GDPR;
• Monitoring internal compliance.
In addition, we can respond to requests made by our customers related to their expanded individual rights under the GDPR, such as:
• Right to be Forgotten: the right to demand the erasure of data for which you no longer consent to data processing or which are no longer necessary to process. Individuals have the right to have their data ‘erased’ in certain specified situations – in essence where the processing fails to satisfy the requirements of the GDPR;
• Right to Object: As with the right to be forgotten, the right to object to processing already exists in connection with, for example, direct marketing or processing based on a legitimate purpose of the controller, where an individual has the right to object to the processing for specified purposes or in a specified manner on the ground that, for specified reasons, it causes or is likely to cause unwarranted substantial damage or distress;
• Right to Rectification: Individuals may access and update information about them that they believe is inaccurate; they also have the right to correct or complete it at any time;
• Right to Restrict Processing: Individuals have the right to request to stop processing their data when they believe the data is not accurate;
• Right to Data Portability: Individuals have the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from the controller.
We are also taking measures to:
• Provide access controls
• Encrypt, anonymize or delete user data
• Pseudonymize data
• Perform data audits or assessments using data processing logs
• Create provisions for data subjects’ rights
• Enhance security for user data
What happens if you do not comply properly with a request?
The biggest change to the law is the increase in the amount of money regulators can fine companies that do not comply – up to 4% of their global turnover or 20 million Euros, whichever is greater.
We will continue to share regular updates about upcoming changes and various measures that we have developed for implementing GDPR.
For more information, contact us at: firstname.lastname@example.org