AAP3 AND GDPR – A MATCH MADE IN EUROPE

GDPR… it is on everyone’s mind, not only because it is happening this week, but because it has been the “hot” topic of discussion for the past year. Here at aap3, we believe that the enforcement of the new data legislation is a good introduction, as it defines a clear and defined set of rules for all companies and organizations within the EU to legislate to. We believe in how we protect data and how it gives the consumer power over their information.

 


GDPR is a global standard for data protection. It will change the way the Internet works with consumer data. The advantage for consumers is that they are able to see what they’re interested in: advertising pertains to them and what they are searching for instead of being random, thus reducing 80% of unwanted marketing and spam. This can only benefit companies going forward.

 

Here at aap3, we have introduced tight, rigorous standards and policies to control the three major elements of GDPR:

    1. Right to Access – We can show the user what data points are being collected, where they are being processed and stored, and the purpose, processing, and storage of the data.
    2. Right to be Forgotten – aap3 have given users the ability to opt out of the data-collection process.
    3. Data Portability – Allows users to download the personal data they’ve consented to and transmit it to a different controller upon request.

 

Chart of GDPR including the fines

 

 

How We Prepared and the steps that we took:

 

 

    • Full Audit of Our Website – Audit of all the data our website and plugins collect. This applied to every way data is collected from the website including user registrations, contact forms, comments, analytics, logging tools, security tools, etc.
    • Published Privacy Policy – This informed the users that we’re collecting data, what the data is, and how it is used within aap3. No data is given to any other 3rd party.
    • Notify – Automated notification of when we’re collecting data.
    • Allow Users to Opt-Out – aap3 gave users that have given consent the ability to opt out at any time.
    • Get Permission – aap3 have set things up so that every time a user submits information (for newsletters, etc.), we gain permission to collect their data.
    • Provide Users with a Copy of their Data – We have set up an automatic process to search and collate data upon user request, to identify and show an individual the data that aap3 securely holds about them.
    • Notification of Breach – aap3 have set up an automatic process for when there is a data breach (notification must be sent within 72 hours of becoming aware of the breach).
    • Data Protection Officer (DPO) – aap3 employed a DPO into the business, as it was required for being the link with both the public and the organisation’s employees in relation to the processing of personal information retained within the company. The new DPO also acts as the person responsible for the security of all data, as well as the person to whom all data queries are directed:
      1. Monitoring compliance with the Regulation, including the assignment of responsibilities.
      2. Providing advice where requested as regards the data protection impact assessments (DPIAs) and monitoring compliance and performance.
      3. Engaging with the Information Commissioner’s Office or relevant Supervisory Authority.

 

GDPR will be enforced on May 25th, as in this Friday, so it was important for aap3 to be prepared before the deadline and fully compliant with the new rules.

 

As well as being GDPR compliant, we truly believe in holding data within the organisation safely and securely. We are controlled and work to the ISO9001 & ISO14001 standards and are working towards ISO27001.
