The European regulation GDPR 2016/679 is the protection of natural persons with regard to the processing of personal data and the free movement of such data.
This regulation is an essential step to strengthen the fundamental rights of individuals in the digital age and facilitate business by clarifying the rules for companies and public bodies in the digital single market. A single law will also eliminate the current fragmentation across different national systems and unnecessary administrative burdens.
BetterKnowledge4all is a project based in Barcelona, Spain, and the Representative and Data Protection Officer is Ms. Silvana Salinas G. (firstname.lastname@example.org)
a. Processed in a lawful, fair and transparent manner in relation to individuals;
b. Collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research or for statistical purposes shall not be considered incompatible with the initial purposes;
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. Accurate and, where necessary, kept up to date; all reasonable steps should be taken to ensure that personal data which are inaccurate, in relation to the purposes for which they are processed, are erased or rectified without delay;
e. Retained in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be retained for longer periods insofar as the personal data are processed solely for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, provided that appropriate technical and organizational measures required by the GDPR are implemented to safeguard the rights and freedoms of individuals; and
f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures."
a. This policy applies to all personal data processed by BetterKnowledge4all.
b. The Responsible Individual shall be responsible for BetterKnowledge4all's ongoing compliance with this policy.
c. This policy will be reviewed at least annually.
d. BetterKnowledge4all will register with the Information Commissioner's Office as an organization that processes personal data.
Legal, fair and transparent processing
a. To ensure that data processing is lawful, fair and transparent, BetterKnowledge4all will maintain a System Log.
b. The Systems Register will be reviewed at least annually.
c. Individuals have the right to access their personal data and any such request made to BetterKnowledge4all will be dealt with in a timely manner.
a. All data processed by BetterKnowledge4all must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
b. BetterKnowledge4all will note the appropriate legal basis in the Systems Register.
c. Where consent is invoked as a lawful basis for processing the data, proof of opt-in consent will be retained with the personal data.
d. Where communications are sent to individuals on the basis of their consent, the option for the individual to revoke consent shall be clearly available and systems shall be in place to ensure that such revocation is accurately reflected in BetterKnowledge4all's systems.
a. BetterKnowledge4all will ensure that personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
a. BetterKnowledge4all will take reasonable steps to ensure that personal data is accurate.
b. Where necessary for the lawful basis on which the data is processed, steps will be taken to ensure that personal data is kept up to date.
Archiving / disposal
a. To ensure that personal data is kept for as long as necessary, BetterKnowledge4all will establish an archiving policy for each area in which personal data is processed and will review this process annually.
b. The archiving policy will consider what data should/should not be retained, for how long and why.
a. BetterKnowledge4all will ensure that personal data is stored securely using modern and up-to-date software.
b. Access to personal data will be limited to personnel who need access to it and appropriate security will be in place to prevent unauthorized sharing of information.
c. When personal data is deleted, this shall be done in a secure manner so that the data is irretrievable.
d. Appropriate backup and disaster recovery solutions shall be in place.
In the event of a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, BetterKnowledge4all will promptly assess the risk to the rights and freedoms of individuals and, if appropriate, report this breach to the ICO (more information on the ICO website).
END OF POLICY
CONTACT / DEMO REQUEST
Barcelona - Spain