Statement of GDPR Compliance for Engage Business Media Ltd
Engage Business Media Ltd have taken extreme efforts to ensure that our website and related services are GDPR compliant.
This statement covers the following websites all owned and controlled by Engage Business Media Ltd
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The main difference is that the regulation will put more onus on organisations for seeking and recording permission, being transparent about what, how and for how long data is stored and used. It also addresses the export of personal data outside the EU.
The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The General Data Protection Regulation came into effect on 25th May 2018 and affects all organisations that hold data on individuals. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
WHAT DOES GDPR MEAN?
- Easily locate and amend/delete contact details and inform third parties to do the same.
- Privacy notices remain accurate and up to date with the latest GDPR requirements.
- Individuals have access to their personal data so that they are aware of and can verify the lawfulness of the processing.
- Information, if requested, is provided without delay, within a month of receipt, and free of charge.
- Immediately analyse any complaint regarding how information is used and provide a full explanation regarding the use of their information, source and relevance to a use or marketing purpose.
- Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
- Clearly inform an individual and provide the right to decline when data is being shared with third parties.
- The “right to be forgotten” enabling an individual to request that personal data is deleted or removed.
- To stop processing data if an individual contests the accuracy of the personal data; processing will stop until the verification and accuracy of the data is approved.
- To provide data in a structured, machine-readable format such as a CSV file.
- Stop processing data as soon as an objection is received.
- To deal with an objection at any time and free of charge.
- Inform individuals of their right to object in privacy notices and at point of first communication.
- Data to be deleted from the database when:
  - The data is no longer necessary in relation to the original purpose it was collected for.
  - The individual withdraws consent.
  - The individual objects to the processing and there’s no valid reason for continuing.
  - The personal data was unlawfully processed (a breach of GDPR).
  - The data must be erased to comply with a legal obligation.
- If data that is subject to an erasure request has been disclosed to third parties, to contact those third parties regarding the data and request deletion.
The GDPR sets a high standard for consent. Doing consent well puts individuals in control, building customer trust and engagement which enhances reputation.
- Offering individuals genuine choice and control.
- Requesting a positive opt-in, not a pre-ticked box or other method of consent by default.
- A very clear and specific data opt-in statement.
- Name any third parties who will rely on the consent.
- Make it easy for people to withdraw consent.
- Keeping evidence of consent (who they are, when they provided their details, how they provided them and who they may have been shared with).
- Always review and refresh consent statements as and when anything changes.
- Avoid making consent a precondition of a service.
We have reviewed the website, all data collected and our communications to our customers. This document details our comprehensive audit and checklist and is our statement on GDPR compliance should it be required.
- We have audited all of the personal and non-personal data collected on the website.
- We have checked that all of the data is required and have removed any data that is not strictly necessary.
- We have checked our legal grounds for all data collected.
- We have checked that all data is stored and processed safely.
- We have checked to see if we store any sensitive data.
- We do not store any sensitive data.
- We have informed readers of how to block cookies if they wanted and what would happen if they chose to do this.
Asking for Consent
(where consent is required)
- We have checked that consent is the most appropriate lawful basis for processing.
- We specify why we want the data and what we’re going to do with it.
- We keep a record of when and how we got consent from the individual.
- We regularly review consents to check that the relationship, the processing and the purposes have not changed.
- We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
- We act on withdrawals of consent as soon as we can.
- We don’t penalise individuals who wish to withdraw consent.
- We do not provide access to the website or third-party processors to any persons without first checking for compliance and/or seeking a processor agreement.
- We have audited our third-parties and checked that they are GDPR compliant.
- We take the security of the website and all third-party data processors very seriously.
- We have a signed processor agreement from our web agency – b:web limited [who have access and manage the security of our website].
- We limit Third-Party access to the website and related data according to the requirements of the job/activity/task. We will remove access as soon as it is no longer required.
- We regularly review access rights.
- We regularly update passwords.
- We have an SSL certificate on the website.
- All data is transmitted via HTTPS.
- Account passwords are always stored using non-reversible encryption.
- We have installed a firewall on the website that helps to keep the website free from malware and viruses. The firewall alerts our web agency in the event of any issues.
- We have a disaster recovery process in place via a regular back-up service.
- We manually check the security of our website and scripts at least once a month.
- The website does not store any personal data provided via consent.
- Personal data provided through consent is transmitted directly via email or otherwise to Third-Parties.
We have taken the following steps to ensure that our marketing database is compliant:
We have always worked hard to maintain the integrity of our mailing list. Our mailing list is crucial to the functioning of our business and to future growth. We confirm 1,000s of individuals from the same database register for our events, webinars, whitepaper downloads, training etc. We have sent out many emails and every single one has the option for the receiver to remove themselves.
Emails sent to the list created prior to 25th May 2018 are sent under legitimate interests.
RESPONSIBLE DATA PROCESSING
For further information and an overview of GDPR, visit: https://ico.org.uk/
The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO):
- Registration Number: ZA257892
- Data Controller: Engage Business Media
Date: 9th September 2020. This document will be reviewed regularly and certainly as and when the compliance regulations are changed or updated.