The General Data Protection Regulation (GDPR) is a new regulation to strengthen the protection of EU citizens’ data. The regulation places a significant emphasis on documentation and the consequences of failing to properly manage personal data. We welcome GDPR as an important step to streamline data protection requirements across the EU. One of the key principles of GDPR is to provide more transparency when it comes to what information we ask for and how that information is used. Therefore, we conducted a review of our systems and policies with our legal advisers and external auditors in order to ensure that we comply with the new regulation in all respects.
The only personal data eSmiley processes is that which our customers provide us with. We process all data of this kind in a responsible manner, showing due respect for personal privacy and in accordance with legislation. In order to clarify how we comply with GDPR we have:
In addition, we have had external legal counsel create an awareness training program and validate that everyone at eSmiley understands and is kept up to date on the current regulation.
To guarantee no terms are imposed on us beyond what is reflected in our data processor agreement and Terms and Conditions, we cannot agree to sign customers’ data processor agreements. As a small team we are unable to make individual changes to our DPA as we do not have a legal team on staff. Any changes to the standard data processor agreement would require legal counsel and a lot of back-and-forth discussion that would be cost-prohibitive for our team.
We are committed to ensuring that our users can continue to use our services while complying with GDPR. eSmiley stores data concerning you and the users you register in the eSmiley system. As a customer you have full access to all of your personal data via our systems. You can export data to Microsoft Excel and have full access to create and remove users in the system. In order to comply with GDPR, it is essential that you remember to deactivate user accounts if the user no longer works at your company.
GDPR is fundamentally a modernisation of earlier legislation concerning handling of personal data, which is no longer able to keep step with technological advancements. As such, many of the items in the new personal data regulation remain more or less unchanged, albeit placing a greater focus on compliance and the associated risk of penalties, while other items cover new measures.
The increased risk of penalties and fines places a requirement on companies to establish a comprehensive overview and monitoring of their data processing flow. The primary focus surrounding the new personal data regulation concerns the right of those registered to be forgotten. This right is in fact not at all new, but the increased focus on it in the new personal data regulation means that companies need to be in complete control of the processing and storage of data in order to comply with the requirement.
According to GDPR, personal data is defined as any form of information relating to a person, such as a name, a photograph, an email address, bank details, posts on social media, information concerning location or health, or an IP address.