The General Data Protection Regulation (GDPR) is being introduced to harmonize data privacy laws across Europe. It aims to protect all EU citizens from privacy and data breaches and give citizens greater control of their data. This article details the steps we have taken to ensure compliance. You may also wish to view our Data Protection Policy.
The GDPR applies to any organisation processing personal data of EU citizens. This can be a name, email address, address, phone number, social media account or even an IP address. It also applies to all industries and sectors.
In this article
- When does GDPR come into effect?
- How does GDPR affect ChannelGrabber?
- What we’re doing to comply with GDPR
- What should I do next?
When does GDPR come into effect?
It comes into effect on 25th May 2018 and will be enforced by the Information Commissioner's Office.
How does GDPR affect ChannelGrabber?
Since GDPR was announced, ChannelGrabber has taken, and continues to take, steps to review our current privacy policies. The good news is that our current and existing privacy policies are already compliant with the terms set out by the Information Commissioner's Office.
What we’re doing to comply with GDPR
ChannelGrabber has been registered with the ICO since we were founded. As GDPR will be regulated by the ICO, ChannelGrabber has followed their recommended step-by-step guide on becoming compliant.
Step 1: Lawfulness, fairness and transparency
- We have conducted an information audit to map data flows.
- We have documented what personal data we hold, where it came from, who we share it with and what we do with it.
- We have identified our lawful bases for processing and documenting personal data.
Step 2: Individuals' rights
- We have a process to recognise and respond to individuals' requests to access their personal data.
- We have a process to ensure that the personal data we hold remains accurate and up to date.
- We have a process to securely dispose of personal data that is no longer required, or where an individual has asked us to erase it.
- We have a procedure to respond to an individual’s request to restrict the processing of their personal data.
- We have a procedure to handle an individual’s objection to the processing of their personal data.
Step 3: Accountability and governance
- We have a dedicated data protection policy.
- We monitor our own compliance with data protection policies and regularly review the effectiveness of data handling and security controls.
- We provide data protection awareness training for all staff.
- We manage information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively.
- We understand when we must conduct a DPIA and have processes in place to action this.
- We have a nominated data protection lead.
- Decision makers and key people in our business demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business.
Step 4: Data security, international transfers and breaches
- We have an information security policy.
- We have effective processes to identify, report, manage and resolve any personal data breaches.
What should I do next?
As someone taking online orders, you have access to personal data of EU citizens in the same way that ChannelGrabber does. ChannelGrabber has ensured it is fully compliant with all appropriate data regulations in the processing and storing of all personal data. As someone who also has access to personal data through your normal business activities, you must also ensure that you do not, intentionally or otherwise, breach any appropriate data legislation. ChannelGrabber does not offer legal advice, and if you have any questions or concerns we recommend you contact your legal representative for clarification. Any information we provide is for information purposes only.