Ensuring GDPR compliance in our work


The following are some of the actions we take to ensure that your website is compliant with the GDPR.

Our responsibilities relating to the points below may vary depending on our role in each particular project. Our responsibilities will be clearly outlined in a contract before commencing work.

Hosting environment

Server security is essential for protecting data. We use third party servers that are protected by a firewall. Possible attacks are monitored and data access is secured. We ensure that third party hosting providers are GDPR compliant and provide a Privacy Policy and a Data Processing Agreement.

Secure data transmission

HTTPS connections are used to protect data in transmission.

Collection and usage of data

We ensure that our clients’ data collectors understand how data is collected and where it is stored. When using third party services such as Google Analytics, we provide our clients with documentation on how these parties handle data.

Documentation

We support our clients in writing Privacy Policies that are descriptive, accurate and up to date. The Privacy Policy should include how data will be collected, the rights of the data subjects, the data collectors’ contact information, the measures taken to handle security breaches, etc. Consent from the data subject needs to be documented. The policy should also state how long data will be stored and how it will be deleted, whether automatically or manually.

Cookies and session management

We implement cookie consent so that the website user’s consent is obtained before any data is captured through cookies or session management.

Data management

Data subjects are provided with a method to access, change and remove collected data. We generally use CookieYes services to allow data subjects to manage their cookie preferences.

Data Subject Access Requests (DSAR)

https://www.cookieyes.com/blog/dsar-data-subject-access-request/

Data Controller/Processor responsibility

Our role as Data Controller, Joint Controller or Data Processor will be agreed and outlined in our contract before commencing work.

Third party services

When using third party services, we make sure that they comply with the GDPR. Data collectors (clients) should be fully aware of how these services work and how they handle the collected data.

Handling data breaches

The GDPR states that any form of breach must be reported to users and the relevant authorities within 72 hours. Data collectors should have a procedure in place for reporting breaches, and it should include all parties who need to be informed about them.