NETWORK INNOVATIONS: GDPR Compliance Statement
Network Innovations already has a consistent level of data protection and security, however we aim to be fully compliant with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and this sets forth our compliance statement.
The GDPR is a privacy and data protection regulation in the European Union (EU) enhancing and fortifying existing data protection laws. It is enforceable from 25 May 2018 and requires no enabling legislation so automatically becomes binding and applicable on that date.
The new Regulation aims to standardise data protection laws and processing across the EU, giving people greater rights to access and control their personal information and imposes certain obligations on organizations that control or process relevant personal data.
The GDPR applies to data processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.
Network Innovations is committed to the principles inherent in the GDPR and particularly to the concepts of data protection, information security, privacy, consent and transparency.
Network Innovations respects our customers’ and users’ right to data privacy and protection, and we have revised our internal policies in order to meet the requirements of the GDPR.
Network Innovations complies with the GDPR as a processor and controller of data and the company has been planning and developing a project of works that will deliver what is required by the GDPR.
Our GDPR Principles
- We will process all personal data fairly, lawfully and in a transparent manner.
- We will process personal data only for specified and lawful purposes where we rely on legitimate interest as the lawful basis for processing any personal data.
- We will hold only relevant and accurate personal data and maintain it up to date.
- We will not retain personal data for any longer than is necessary and we will remove such personal data when it’s no longer necessary to retain this data.
- We will keep all personal data safe and secure.
- We will endeavour to prevent the transfer of personal data to countries outside of the EU without adequate protection.
Our GDPR Actions
- DPO – appointment of a designated person in the IT Department who functions in the role of a DPO for the enhanced focus on transparency, accountability and compliance.
- Information Audit – carried out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Technology – reviewed our technology platforms to analyse their operation and security, to understand their compliance with the GDPR.
- Training & Awareness – undertaken training across our organization, generally raising the awareness of data protection.
- Supplier & Partner relationships – where relevant, we will be endeavouring to ensure that our third-party providers and suppliers are complying with the GDPR.
- Data Breaches – we have implemented breach procedures that ensure we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possibility.
- Marketing Consent– undertaken email campaigns with the contacts on our marketing database to gain consent to allow us to continue sending marketing material. We have also revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
If you have any questions about our GDPR compliance, please contact Network Innovations at Legal@networkinv.com.