Rahi Systems GDPR Compliance Statement
The European Union (EU) General Data Protection Regulation (GDPR) comes into force across the EU on 25th May 2018 and brings with it the most important changes to data protection law in two decades. The GDPR will supersede the current Data Protection Act giving people more control over how organisations use their data and the potential for increased penalties to be imposed on to organisations for breaches of their obligations.
The GDPR’s purpose is to strengthen data protection for individuals within the EU whilst also providing harmonisation for data privacy laws across Europe.
Rahi Systems commitment to the GDPR
At Rahi Systems we are dedicated to ensuring high standards of data privacy and recognise that we need to take steps to meet the demands of the GDPR. We have summarised our preparation for the GDPR in this statement and this includes the implementation of policies, procedures and controls to ensure maximum and ongoing compliance.
Identifying personal data
We have documented what personal data we hold, where it came from and with whom we share it.
Policies and procedures
We have revised our data protection policies and procedures to meet the requirements and standards of the GDPR including:
- Data breaches – we have put in place procedures to identify, assess and investigate any suspected personal data breach at the earliest possible time and will notify individuals or any applicable regulator where we are legally required to do so.
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what personal data they are providing, why and how we use it and have sent opt in request emails to individuals on our database. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to individuals[ via text or email]. However, we have developed processes for recording consent, making sure that we can evidence an affirmative opt-in and that individuals have a way to withdraw consent at any time.
We understand that employee awareness is vital to compliance with the GDPR and will ensure that existing employees receive training to enhance this awareness.
If you have any questions about our preparation for the GDPR, please contact us at [email protected] or +1 510 651 2205.