What does GDPR imply?
The General Data Protection Regulation (GDPR) is a set of rules to ensure better protection of European citizens’ data. The regulation came into force on 25 May 2018, replacing the 1995 Data Protection Directive. Its goal is twofold: to safeguard European citizens’ privacy and to give citizens more rights on what happens with their personal data.
To achieve these goals, the GDPR legislation sets out seven main principles. These are that personal data should be:
- Processed lawfully, fairly and transparently
- Used for limited purposes
- Kept to a minimum
- Be accurate
- Kept confidential
- Kept secure
In addition to the above, every organisation must appoint a data controller who needs to take responsibility for ensuring compliance with the above and being able to demonstrate such compliance. Organisations also have an obligation to disclose any GDPR breeches to the Office of the Information and Data Protection Commissioner.
GDPR also grants citizens rights to access the data held on them by organisations, to have that data deleted.
Protection of your personal data
MeDirect ensures that all personal data is securely stored. To protect your personal details against access by unauthorised persons or loss, we have implemented the necessary technology and ensure that it is kept up to date. With more than 300 employees located in our offices in Malta, Belgium and the Netherlands as well working remotely across many other countries, it is also important to have the correct procedures in place so that information is shared purely on a need to know basis.
In the event that third parties offer a service to MeDirect, a contractual agreement ensures these third parties implement the correct security procedures, such as working with encrypted information, to safeguard your personal data. The transfer of your personal data to third parties will only be for purposes laid down in our agreements with you and/or in line with our terms and conditions.
What measures did MeDirect take to be in line with this legislation?
Various initiatives were implemented to protect our clients and employees, such as:
- Providing ongoing privacy training to all our employees to ensure utmost security awareness when dealing both with customer and other employee data.
- Reviewing how we ask customers for permission to be informed of our commercial offers or to receive newsletters.
- Amending internal policies to ensure they are in line with GDPR legislation.
MeDirect keeps both its technology and procedures under constant review to ensure not only that it complies with GDPR but that it offers the best possible levels of security to its customers and their data.