The General Data Protection Regulation (GDPR) (EU Regulation 2016/679 of 27 April 2016) lays down new, stricter rules for managing, processing and better securing the personal data of European citizens.
The GDPR strengthens the existing European “Data Protection Directive 1995”. Another name used for this new regulation is Algemene Verordening Gegevensbescherming (AVG).
The GDPR introduces a strong, elaborate framework of obligations with which a processor of personal data has to comply. The GDPR also determines the rights of a person with respect to the collection and use of these data.
Since Concordia processes personal data on behalf of its clients, it has to comply with the privacy regulation in force at national and European level, and it has to protect the personal data of its clients adequately.
Concordia guarantees its clients a correct level of data protection in accordance with the national and European privacy regulation.
Concordia protects your data and privacy, among other things, as follows:
- Concordia uses a set of procedures and directives designed to guarantee the safety of its data. These procedures and directives are established and revised by the managing board and management.
- The roles and responsibilities with respect to data protection are clearly defined within the organization. This ensures the correct implementation of the procedures and directives concerned.
- Concordia has physical security for the computer rooms and application servers where the software and data are located. This security, in a locked room, includes an alarm installation, a cooling system, a power outage installation and a fire security system.
- A multiple backup policy allows Concordia to ensure the continuity of its business management at any time, without interruption and without data loss.
- Concordia has made a plan for logical security on the basis of:
  - An internally managed firewall, a proxy server and an up-to-date virus scanner;
  - A formalized management of the access rights based on the roles and responsibilities of the internal users;
  - A unique login code and password (changed on a regular basis).
- The necessary fallback locations and infrastructure are provided.
- A GDPR committee is available for the management of possible complaints, with impact analysis and determination of the priority of possible incidents and the corresponding reaction and diagnosis time frames.
- The data are kept in accordance with the legal retention obligations.
- Concordia uses general techniques for access control.
- The necessary stipulations with respect to confidentiality and protection of private life are noted in the conventions, the work rules, the contracts and documents of Concordia, with the intention of raising awareness among the clients and staff of Concordia.
- The level of service can be agreed in writing, at the request of the client, and periodic reporting is possible.
Concordia has taken a number of measures to be GDPR compliant by May 25th, 2018, including:
- Concordia has appointed a GDPR coordinator and established a GDPR committee to work out the practical details of implementation.
- A data register is kept of all processing activities involving personal data, according to the model register provided by the Privacy Commission.
- Via the previously mentioned security systems, Concordia is able to notice incidents quickly and to deal with them in accordance with the provisions of the GDPR.
- Agreements with every supplier of Concordia are being modified to make sure that the company in question is GDPR compliant.
- The staff of Concordia is being informed and trained with regard to the implementation of the GDPR.
- The clause about privacy, security and protection of private life in the agreements and publications of Concordia is adapted to the GDPR requirements.
If you have any additional questions or would like any further information, please contact us via firstname.lastname@example.org.