GreenWaveX has revised the terms for storage of personal data of European clients conforming to the GDPR.
The new General Data Protection Regulations (GDPR) came into effect on 25 May 2018. The GDPR extends to all organizations processing personal data of EU citizens and residents, irrespective of the location of the company. GreenWaveX has begun the update of the privacy policy in congruence with the GDPR.
In adjustment to the new legislation, GreenWaveX is extending the rights of its EU clients to manage their personal data. Effective on 25 May 2018, the company will implement new data gathering and processing rules that will enhance data security and service quality. Thus, GreenWaveX aims to provide even more convenient and secure working conditions for its clients.
The GDPR extends to companies processing personal data of European clients when performing online sales. Such businesses are obligated to comply with the new EU rules for the processing of personal data.
As stated in the GDPR, personal data refers to any information relating to a known or identifiable person (the data subject) who can be determined, whether directly or indirectly, by means of such information. Such information shall include, but is not limited to, name, location details, an online identifier, or other factors unique to the physical, physiological, genetic, psychological, economic, cultural or social identity of the person (p.1, a.4).
The general approach of the EU to the processing of personal information is indicated in six principles:
- Legality, honesty and integrity. Personal information must be processed in a legitimate, equitable and transparent manner. Information on the aims, methods and quantities of the collected personal data must be stated explicitly and simply.
- Restriction of processing in line with the objectives. The data must be obtained and used only for the purposes indicated by the organization.
- Minimization of processed data. Personal data must be obtained in the amount necessary for processing purposes.
- Accuracy and relevance of data. Inaccurate personal information must be corrected or deleted at the owner’s request.
- Limitation of storage time. Personal information must not be stored for a longer time than is required for processing purposes.
- Assurance of data integrity and confidentiality. Companies are obligated to protect personal information from illegal or improper processing, loss and harm.
Within the context of the GDPR, GreenWaveX is both a Data Processor and a Data Controller. This indicates that it separately decides the aims of data collection and processes the required information.
Since the release of the new EU GDPR, GreenWaveX carried out an analysis of all networks in which personal information is transmitted and where it is processed.
The organization has decreased the period during which each system preserves personal details and has modified the methods of internal data communication to standardize the storage and management of data. Internal systems have also been developed to manage requests for and deletion of personal data.