What is GDPR?
The law is changing with regard to how companies use people’s data. From May 25th this year, the EU General Data Protection Regulation (GDPR) will be introduced to protect EU citizens from organisations using their data wrongfully or irresponsibly. This puts control of people’s data back into their own hands, rightfully so.
Under the new law, people have the right to access any information a company holds about them and to know why that data is being processed. Organisations must, in turn, identify how they collect people’s data, why and how they will use it. People can also request that their data is deleted at any time and companies have a responsibility to divulge any data breach within 72 hours of its discovery.
Cantemo’s goal is to ensure our customers feel sure that we are handling their personal data correctly and securely.
What is Cantemo doing to keep our customers’ data safe?
As part of our preparation for becoming GDPR compliant, we have put in place a number of data security measures.
To ensure that we are collecting data correctly and using it respectfully, we have evaluated every piece of personal data we are gathering in all of our services and products, and documented the policies and processes to justify the collection of that data. We have also removed non-essential data.
We have established internal routines to dictate how all personal data is managed over time, and for how long we should keep that data. Alongside this, we have introduced a security incident management process. This process outlines a step-by-step procedure to report potentially serious incidents, including personal data breaches, to affected users and customers, and also to the supervisory authority in Sweden, Datainspektionen. This also includes incidents where personal data has been lost or destroyed accidentally, or has been accessed by an unauthorised party.
What do our customers need to know?
In line with the new law on data protection, we are offering our customers and users the ability to extend their rights. This means they have the right, at any time, to:
- Access their data
- Correct their data
- Be forgotten
This applies to all of our customer and partner services. If you would like to exercise your right to any of the above, please send an email to email@example.com, making sure to define what you would like to do.