GDPR 2019-09-13T16:33:46+12:00

FeatureIT and GDPR

The EU’s General Data Protection Regulation (GDPR) came into effect on 25 May 2018. Here’s some information on what the GDPR is, how it affects your business and what FeatureIT has done to comply.

What changes has the GDPR brought?

The GDPR is a new regulation designed to secure the personal data rights of EU residents. It imposes new rules on organisations that govern how they process and store personal data.  The GDPR also provides individuals with certain rights over their personal data, including the rights to access, correct and delete personal data.

Personal Privacy

Individuals Have the Right To:

  • Access their personal data
  • Correct errors in their personal data
  • Erase their personal data
  • Object to processing of their personal data
  • Export personal data

Transparent Policies

Processors Are Required To:

  • Provide clear notice of data collection
  • Outline processing purposes and use cases
  • Define data retention and deletion policies

Controls and Notifications

Processors Will Need To:

  • Protect personal data using appropriate security practices
  • Notify authorities within 72 hours of breaches
  • Receive consent before processing personal data
  • Keep records detailing data processing

IT and Training

Processors Will Need To:

  • Train privacy personnel & employees
  • Audit and update data policies
  • Employ a Data Protection Officer (only required by those meeting certain criteria)
  • Create & manage processor/vendor contracts

How does the GDPR affect your business?

The GDPR applies to any organisation that processes personal data of European Union residents irrespective of where the organisation practices from.

Here are some resources about how the GDPR affects small to medium businesses.

What has FeatureIT done about GDPR?

At FeatureIT, we understand the implications of the GDPR and see compliance as an opportunity for us to firm up our processes for all our customers and their data. Here’s what we’ve done:

  • We have identified the areas in our product where we need to make changes in order to comply.
  • We have engaged with our architecture and product teams to specify the changes required.
  • We have mapped out our internal data flow and processes to ensure we are aware where all personal data is stored, transferred and processed.
  • We have reviewed our contractual arrangements with our subprocessors and ensured their processes are compliant.
  • We have started our internal awareness and training campaigns.

GDPR FAQs

What constitutes personal data?

Any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

When did the GDPR come into effect?

The GDPR was approved and adopted by the EU Parliament in April 2016 and it took effect on 25 May 2018.

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU, but also to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What are the penalties for non-compliance?

Organisations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements. The rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.

Do you have a Data Processing Addendum I can sign?

Yes, if you wish to download our DPA, please sign and email back to info@featureit.co.nzDownload our DPA here.

Pin It on Pinterest