What is the EU GDPR?
The General Data Protection Regulation (GDPR) is an EU data protection directive that introduced a series of ‘data subject’ rights in 2018 to ensure that all EU residents have control over their personal data. The GDPR still affects UK businesses, despite our decision to leave the EU.
Why is the GDPR so important?
Many smaller businesses across London presume the GDPR doesn’t apply to them. This is not the case. The GDPR’s regulations state that any business that is involved in the handling or processing of personal data would be subject to the same financial penalty as large businesses.
IOTAC GDPR Statement
IOTAC Limited GDPR Statement Updated 1st July 2020
IOTAC LTD is a registered company in England and Wales.
Registered Number 11794703.
Registered Office: 13 Whites Row London E1 7NF
IOTAC LTD embraces the General Data Protection Regulation (GDPR) which comes into force in EU member states from May 2018.
In essence, the GDPR puts into practice its six underlying principles to protect the individual and personally identifiable information (PII).
⦁ Lawfulness, fairness and transparency. Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)]. Fair: What is processed must match up with how it has been described. Transparency: Explain to the subject what data processing will be done.
⦁ Purpose limitations: Define what it is being used for and not be used for other purposes.
⦁ Data minimisation: Only store what is required.
⦁ Accuracy: The data is accurate.
⦁ Storage limitations: No longer than necessary.
⦁ Integrity and confidentiality: It is held securely and, if stored online or in the cloud, it is encrypted by default.
There is currently no “GDPR data compliance certificate” as such. The Information Commissioner’s Office (ICO) can audit IOTAC to assess whether it is compliant or not.
IOTAC LTD has been involved in an ongoing process to strive for GDPR compliance.
To date:
⦁ All staff have received training on what GDPR entails and they understand what data on individuals should be held or not.
⦁ Engineers receive contact information on a need-to-know basis and, as explained in the Non-disclosure agreement (NDA) and the Staff Code of Conduct [link to document], any contact between the client and the engineer is made via IOTAC.
⦁ Data-mapped all client data held by and on behalf of IOTAC Limited.
⦁ All third parties with PII have been contacted and asked to show their commitment and intention to comply with GDPR.
⦁ IOTAC LTD is committed to a regular data review to identify what data is no longer needed and will delete it.
⦁ All staff sign and agree to the company NDA and the Staff Code of Conduct on initiation of any contract with IOTAC.