GDPR

 

Backner ApS GDPR Compliance Statement

 

The EU General Data Protection Regulation (GDPR) will take effect across the European Union on the 25th of May 2018, bringing significant changes to data protection law. It is designed to meet the requirements of the digital age.

 

The new Regulation aims to standardize data protection laws and processing across the EU, giving individuals a stronger, more consistent right to access and control their personal information.

 

Our Commitment

 

At Backner ApS we are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection.

We are dedicated to safeguarding personal information and developing a data protection control that is effective and demonstrates an understanding of the new Regulation.

Our preparation for GDPR compliance is summarized in this statement, including the development of new data protection roles, policies, procedures and controls to ensure that we continue to comply with the Regulation.

 

How We Have Prepared for the GDPR

 

Backner ApS had a consistent level of data protection across the organization; however, it is our aim to be fully compliant with the GDPR.

Our preparation includes:

  • Information Audit – carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
  • Policies & Procedures – revising data protection policies and procedures to meet the requirements and standards of the GDPR, including:
    • Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Governance measures are in place to ensure that we understand our obligations and responsibilities, with a dedicated focus on privacy by design and the rights of individuals.
    • Data Retention & Erasure – our retention policy has been updated to ensure that we meet the data minimization principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new Right to Erasure obligation and are aware of when this and other data subjects’ rights apply.
  • Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, investigate and report any personal data breach at the earliest possible time. The procedures have been distributed to all employees, providing the information necessary to follow the procedure in case of a breach.
  • Legal Basis for Processing – we are committed to reviewing all processing activities to ensure the legal basis of the processing. Additionally, we maintain records of our processing activities, ensuring that our obligations are met.
  • Privacy Policy – we have updated our Privacy Policy Notice to comply with the GDPR, providing the individuals whose personal information is processed full transparency of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
  • Obtaining Consent – we reworked our consent mechanism for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it. We have developed processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and data records, and an accessible way to withdraw consent at any time.
  • Direct Marketing – we are revising the processes for direct marketing, including opt-in mechanisms for marketing subscriptions, a clear notice and method for opting out, and unsubscribe features on all subsequent marketing materials.

 

Data Subject Rights

 

In addition to the policies and procedures mentioned, we provide easy-to-access information via our website, in the office or in marketing material about an individual’s right to access any personal information that Backner ApS processes about them and to request information about:

  • What personal data we hold about them
  • The purposes of the processing
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store their data
  • If we did not collect the data directly from them, information about the source
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws.

 

Information Security & Technical and Organizational Measures

 

Backner ApS has robust information security procedures in place to protect personal information from unauthorized access. Our third-party IT service provider covers the technical security of the processed personal data, with several layers of security measures in place. All measures are well documented, stating the procedures in case of a breach.

 

 

We are fully aware that continuous employee awareness and understanding are vital to continued compliance with the GDPR and have involved our employees in our preparation plans.

 

If you have any questions about our preparation for the GDPR, please contact us at info@backner.dk