General Data Protection RegulationGeneral Data Protection Regulation is usually abbreviated as GDPR. The General Data Protection Regulation is a EU regulation for the protection of individuals with regard to the processing of personal data. It will become binding in all Members States of the European Union on 25 May 2018. Privacy and data protection are fundamental rights protected by EU law providing a legal basis to support the rights of data subjects under the GDPR.
Special or Sensitive Personal DataThis includes:
HCI Data Ltd does not store special or sensitive personal data about its clients. Records of Processing ActivityArticle 30 of GDPR requires controllers have to maintain records of all processing activities. Controllers can be exempted from this obligation when they have no more than 250 employees. Lawful Basis for ProcessingIn order to process personal data the Data Controller must have a lawful basis to process the data. A lawful basis will be one (and only one) of:
No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual. The vast majority of personal data processed by HCI Data Ltd will be on the basis of "contract". This lawful basis is used in order to process someone’s personal data to fulfil contractual obligations to our clients or because a potential client have asked HCI Data Ltd to do something before entering into a contract (e.g. provide a quote). Privacy and Electronic Communications RegulationsAlthough not part of GDPR, a "sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email. Toni Vitale, head of regulation, data and information at law firm Winckworth Sherwood May 2018 |
|||||
|
|||||
