GDPR Compliance Statement
What is GDPR?
The European Union (EU) General Data Protection Regulation (GDPR) gives people more control over how organizations use their data and increases penalties on organizations for breaches of their obligations.
GDPR’s purpose is to strengthen data protection for individuals within the EU while also harmonizing data privacy laws across Europe.
Enconnex's commitment to GDPR
At Enconnex, we are dedicated to ensuring high standards of data privacy and recognize that we need to take steps to meet the demands of GDPR. This statement summarizes our preparation for GDPR, which includes the implementation of policies, procedures, and controls to ensure maximum and ongoing compliance.
Identifying personal data
We have documented what personal data we hold, where it came from, and with whom we share it.
Policies and Procedures
We have revised our data protection policies and procedures to meet the requirements and standards of GDPR including:
- Data breaches – we have put in place procedures to identify, assess, and investigate any suspected personal data breach at the earliest possible time and will notify individuals or any applicable regulator where we are legally required to do so.
- Data retention and erasure – we have included data retention provisions in our privacy policy and will ensure that personal information is stored, archived, and destroyed compliantly.
- Subject access requests – we have revised our subject access procedures to accommodate the revised timeframe for providing the requested information and try to respond to all legitimate requests within one month. We have also made this provision free of charge and have included this individual right in our privacy policy.
Privacy Policy
Please refer to our Privacy Policy.
Consent
We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what personal data they are providing, why, and how we use it, and have sent opt-in request emails to individuals on our database. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third-party direct marketing communications to individuals via text or email. However, we have developed processes for recording consent, making sure that we can evidence an affirmative opt-in and that individuals have a way to withdraw consent at any time.
Employees
We understand that employee awareness is vital to compliance with GDPR and will ensure that existing employees receive training to enhance this awareness. If you have any questions please contact us at [email protected].