What is GDPR?
The General Data Protection Regulation (GDPR) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It takes effect on 25 May 2018, standardizes data protection law across all 28 EU countries, and imposes strict new rules on controlling and processing personally identifiable information (PII).
GDPR applies to all organizations holding and processing EU residents' personal data, regardless of geographic location. Many organizations outside the EU are unaware that the GDPR applies to them as well. If an organization offers goods or services to EU residents, or monitors their behavior, it must meet GDPR compliance requirements.
What is considered personally identifiable information (PII)?
PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. The types of data considered personal go beyond just name, address, and photos. GDPR extends the definition of personal data so that something like an IP address can be personal data. It also includes sensitive personal data such as genetic data and biometric data, which could be processed to uniquely identify an individual. So, keep in mind that files from your legal, finance, life sciences or HR department are likely to contain personal information.
What has Commit done to protect your personal information?
- We have trained our in-house teams and informed our partners in order to create a personal data protection culture.
- We have incorporated the Privacy by design/by default principles into our systems to promote privacy and data protection compliance from the start.
- We are collecting only the necessary data needed to perform the services you requested, and we are limiting the storage periods for that data.
- We are compliant with ISO 9001, 17100 and 27001 certifications and we are following all relevant codes of conduct.
- We are performing periodic internal inspections to make sure we are GDPR compliant.
- We have a Risk Management Plan in place to try to avoid vulnerabilities, data breaches and violations.
- We are providing the following personal data rights to our clients and partners in accordance with the GDPR: the right to be informed, the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and the right to withdraw consent.
We are committed to protecting and respecting your privacy. For more information on the kind of data we collect from our partners and clients and why, and for a detailed description of rights, please read our Privacy Notice here.