The data-driven world around us is witnessing an Information Revolution, in which technocrats generate, capture, and process enormous amounts of data about people, their locations, products, and services. It is the need of the hour to incorporate important concepts and principles into our already defined data management policies.
To address the key issues, the General Data Protection Regulation (GDPR) has been in effect across the European Union since 25th May 2018. A world reshaped by data must define data governance, data processing activities, and data compliance (who owns the data, who uses it, and how it is protected). As a result, every organization that collects, processes, or stores personal data should be taking steps to ensure compliance.
The GDPR has been designed to meet the requirements of the digital age by replacing the myriad national data protection laws currently in place with a cohesive set of rules. The new Regulation aims to standardize data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.
Our Commitment to Compliance
Research Dive ("we", "us", or "our") is committed to high standards of information security, data privacy, and transparency, and to managing data in accordance with legislation and regulation, including but not limited to the GDPR. At Research Dive, we value our customers’ success and understand the need for a compliant and consistent approach to data protection. We have always been dedicated to safeguarding the personal information of our users under our remit. However, we recognize our obligation to continuously update and expand this program to meet the demands of the GDPR.
Gearing Up for the GDPR
The GDPR imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.
Research Dive focuses on the following facets while preparing for GDPR:
Building on existing security and business continuity management policies, processes, and controls, with enhanced personal privacy rights to ensure compliance.
Performing gap and privacy assessment to support GDPR compliance for its customers, with mandatory breach reporting and significant penalties for non-compliance.
Increased duty for protecting data, developing compliance plans, and building a stronger secure platform for the customers by taking control of their data and reviewing their deployment options.
Provision of services to help customers understand and prepare for GDPR.
Making amendments in all our data contracts to meet additional requirements introduced by the GDPR.
Working toward deploying a dedicated erasure procedure to meet the new Right to Erasure obligation, while also assessing how long we retain and store data. The company is well aware of when this and other data subjects’ rights apply, along with any exemptions, response timeframes, and notification responsibilities.
Training the workforce on the enhanced data rights given to individuals by the GDPR. All staff, be it sales or security, need to be aware of key changes, such as no longer charging for responding to subject access requests.
Upgrading procedures and safeguarding measures to secure, encrypt, and maintain the integrity of the data, especially in regard to International Data Transfers & Third-Party Disclosures.
Renovating processes for recording consent, to ensure that we can evidence an affirmative opt-in, along with time and date records; and an easy-to-use mechanism to withdraw consent at any time.
More importantly, compliance is a shared responsibility between the organization and its customers, so customers also need to adapt their business processes, data management practices, and integrations accordingly. The team at Research Dive aims to provide its customers with the ability to specify who has access to what data within each domain or branch. This ensures protection from inappropriate access or use. We ensure that our customers remain the sole owners of their data, retaining rights, title, and interest in data stored on the system. The company takes appropriate measures so that its customers can take advantage of the features inherent in the service to meet their GDPR obligations related to deletion, rectification, transfer of, access to, and objection to processing of personal data.
Leaving No Stone Unturned, Be It Technical or Organizational
Research Dive is very mindful of the privacy and security of its users’ personal information. Our company takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal data from alteration, unauthorized access, disclosure, or destruction, and we have several layers of security measures. These measures include employee training, data encryption in storage, data encryption in transit, a password policy, one-time-password and two-factor authentication mechanisms, as well as other technical and organizational preventive, detective, and corrective controls.
The GDPR Journey Starts With Small Steps:
To maintain a consistent level of data protection and security across our organization, we have deployed a data privacy team that works to develop and implement the roadmap for complying with the new data protection Regulation. The team is responsible for promoting awareness of the GDPR, evaluating our GDPR enthusiasm, identifying flaws, if any, and continuously implementing new policies, procedures, and measures.
We have also incorporated a GDPR training course, specific to our core business functions, into our employee training program, delivered through our induction and annual training program.