For the past two decades, the Data Protection Act of 1998 served as the main reference to ensure protection of the citizenry’s personal information in various industry uses. The EU believes that the creation of the GDPR is timely, as more trade systems capitalize on consumer data for growth over the years. Generally, the GDPR focuses on three main points: regaining control of personal data to users, simplification of regulatory settings, and appointment of data protection officers in companies where data is processed in every day operations.
DBI, as a data company, sees to it that we comply with the current laws on data protection. We will conform to the reformed EU regulation as long as it benefits both European consumers and small to medium-scale industries too.
12 Essential Points in Preparation for the GDPR Enforcement
1.) For Information DBI holds
DBI adheres the eight data protection principles stipulated in the Data Protection Act of 1998.
DBI has started educational discussions on the regulation and would continue disseminating more information about it once we have designated our Data Protection Officer.
3.) Communicating Privacy Information
DBI will review its current Data Protection Policy and will make necessary changes in accordance to the purpose.
4.) Individual Rights
Consumer data stored must be formatted in a way that is easily and securely accessed. Moreover, we have a data destruction system in the event personal data needs to be abolished.
5.) Subject Access Requests
Access requests to certain consumer data can be processed within 28 days or less. Identity of the requester should be verified prior to processing of request to ensure disclosure of personal information to the authorized individual.
6.) Legal Basis for Processing Personal Data
DBI will present a detailed description (flowchart) of how the data processes take place in accordance with data protection laws.
DBI will review the manner by which data is obtained from consumers with their consent.
As a company, we have a vulnerable person policy; so, we do not
contact consumers below 18 years old or those over 80 years old.
9.) Data Breaches
DBI constantly checks its storage system to prevent and to detect instances of data breaches.
10.) Data Protection by Design and Data Protection Impact Assessments
Concerned DBI personnel, especially the Data Protection Officer will familiarize themselves with the Primary Impact Assessments guidelines by the ICO.
11.) Data Protections Officers
Small companies like us may not afford designating a fulltime Data Protection Officer; rather we would assign the responsibility to one of our team members who has the ability to fulfill the tasks – overseeing data security, detection of cyber threats, and managing other business concerns related to storage and processing of consumer data.
DBI is an ICO registered company based in the Philippines. It only works with other companies that are ICO accredited as well.