The UK General Data Protection Regulation (UK GDPR), as tailored by the Data Protection Act 2018, is the general data protection regime that applies to most UK businesses and organisations.
The EU General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere in the world, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR imposes harsh fines on those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros. The new rules have a broad definition of personal data and a wide reach, affecting any company that markets products and services to individuals in the EU.
As your trusted Data Controller, we’re committed to helping you on your GDPR compliance journey.
We have implemented a certified framework of security processes and controls to help protect the data entrusted to us. This framework helps us comply with several security and privacy certifications, standards and regulations, including ISO 27001 and Cyber Essentials.
Security: We apply various security processes and controls to help us comply with industry-accepted standards, regulations and certifications. To help protect software in all applications and implementations, we build security in, and we have clear processes to help our development teams build security into our products and services.
Privacy: Where your consent is required, we will obtain your permission before (i) sending you news and promotional material about Complygate; (ii) accessing information stored on your device relating to your use of, and engagement with, Services and Software and crash reports; and (iii) analysing your content. You can withdraw your consent to such activities at any time.
Personal data: Any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.
Data processing: Any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing… so basically anything.
Data subject: The person whose data is processed. These are your customers or site visitors.
Data controller: The person who decides why and how personal data will be processed. If you’re an owner or employee in your organization who handles data, this is you.
Data processor: A third party that processes personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. They could include cloud servers like Tresorit or email service providers like Proton Mail.