GDPR NORMS
The General Data Protection Regulation (GDPR) is an EU law that aims to give the citizens of the
EU greater control and authority over their data. Under this regulation, organizations that handle
data of EU citizens have to obey data and privacy rules. One of the key requirements of the GDPR
is changes to the Privacy Policy, and these have been accepted and updated by Digitalzone to
reflect GDPR requirements. We also abide by its key rule, i.e. to keep EU citizens informed of how
businesses gather, use, share, protect and process their personal data.
TRANSPARENCY TO ACCOMMODATE GDPR
To strictly abide by GDPR, we follow the principle of transparency, which requires all
information to be precise, easily available when required, easy to read, and written in clear,
understandable language. Further, illustrations and images are also to be used to make it easier
to understand. This information should also be made available at appropriate and easy-to-access
sources.
DATA PROTECTION LAW
The Data Protection Act 1998 defines how the organization must collect, handle and store personal
information to comply with GDPR. These rules apply regardless of whether data is stored
electronically, on paper or on other materials. To obey the law, personal information must be
collected and used fairly, stored safely and not disclosed unlawfully. The GDPR act is
underpinned by eight important principles. These say that personal data must:
- Be treated fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and kept in accordance with the norms
- Not be held for any longer than needed
- Be handled in accordance with the rights of the data subject
- Be protected in suitable ways
- Not be transferred outside the European Economic Area (EEA), unless that country or territory
also ensures an adequate level of protection.
GDPR GENERAL DATA PROTECTION REGULATION AND COMPLIANCE
The BLUEAXIS MEDIA needs to collect and utilize certain information about persons. These can
include suppliers, customers, employees, business contacts and other people the group has a
connection with or may need to contact. The GDPR policy describes how this personal data must be
collected, handled and stored to meet the company's data protection standards and to comply with
the law. The GDPR policy ensures The BLUEAXIS MEDIA:
- Complies with the data protection regulation and abides by good practices
- Protects the rights of staff, customers and associates
- Is open about how it stores and processes individuals' data
- Protects itself from the risks of a data breach.
PEOPLE, RISKS AND RESPONSIBILITIES AS PER GDPR
The GDPR policy applies to:
- The head office of The BLUEAXIS MEDIA
- All branches of The BLUEAXIS MEDIA
- All staff and volunteers of The BLUEAXIS MEDIA
- All contractors, suppliers and other people working on behalf of The BLUEAXIS MEDIA
GDPR also applies to all data that the business holds relating to identifiable individuals, even
if that information technically falls outside of the Data Protection Act 1998. This can include:
- Names of persons
- Residential addresses
- Email addresses
- Telephone numbers
- Plus any other information relating to persons
DATA PROTECTION RISKS AS PER GDPR
The GDPR policy helps to protect The BLUEAXIS MEDIA from some very real data security risks,
including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all persons should be free to choose how the company
uses data relating to them.
- Reputational damage. For instance, the company could suffer if hackers successfully gained
access to sensitive data.
RESPONSIBILITIES AS PER GDPR
Everyone who works for or with The BLUEAXIS MEDIA has some accountability for ensuring data is
collected, kept and handled appropriately, particularly when it comes to GDPR. Each team that
handles individual data must ensure that it is handled and treated in line with the GDPR policy
and data protection principles.
However, these people have key areas of responsibility:
- The board of directors is ultimately accountable for ensuring that BLUEAXIS MEDIA meets its
legal obligations.
- The Data Protection Officer is responsible for:
  - Keeping the board updated on data protection responsibilities, risks and issues.
  - Reviewing all data protection measures and related strategies, in line with an agreed
  timetable.
  - Arranging data protection training and advice for the people covered by this policy.
  - Handling data protection questions from staff and anyone else covered by this policy.
  - Dealing with requests from individuals to see what The BLUEAXIS MEDIA holds about them
  [subject access requests].
  - Checking and approving any contracts or agreements with third parties that may handle the
  company's sensitive data.
- The IT Manager is responsible for:
  - Ensuring all systems, services and equipment used for storing data meet acceptable
  security standards.
  - Performing regular checks and scans to ensure security hardware and software is functioning
  adequately.
  - Evaluating any third-party services the company is considering using to store or process
  data. For instance, cloud computing services.
- The Marketing Manager is responsible for:
  - Approving any data protection statements attached to communications such as letters.
  - Addressing any data protection questions from press or media outlets like newspapers.
  - Where necessary, working with other staff to make sure marketing initiatives abide by data
  protection principles.
GENERAL STAFF GUIDELINES FOR GDPR
The only people able to access data covered by this policy should be those who need it for their
work.
- Data should not be shared amongst people informally. When access to private information is
required, employees can request it from their line managers.
- The BLUEAXIS MEDIA will provide training to all workers to help them understand their
responsibilities when handling data.
- Employees should keep all data safe, by taking sensible precautions and following the
guidelines below.
- In particular, strong passwords must be used and they should never be shared.
- Personal data should not be disclosed to unauthorized people, either within the company or
externally.
- Data should be regularly reviewed and updated if it is found to be out of date. If no
longer required, it should be erased and disposed of.
- Employees should ask for help from their line manager or the data protection officer if
they are not sure about any aspect of data protection.
DATA STORAGE ACCORDING TO GDPR
These rules describe how and where data should be safely stored, and are also laid down as per
GDPR. Queries about storing data safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorized people
cannot see it. These rules also apply to information that is usually kept electronically but has
been printed out for some reason:
- When not required, the paper or files should be kept in a locked drawer or filing
cupboard. Workers should make sure paper and printouts are not left where unauthorized people
could see them, like on a printer.
- Data copies should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorized access, accidental
deletion and malicious hacking attempts:
- Data should be protected by strong passwords that are changed frequently and never shared
among workers.
- If data is kept on removable media (like a CD or DVD), these should be kept locked away
safely when not being used.
- Data should only be stored on designated drives and servers, and should only be uploaded to
approved cloud computing services.
- Servers containing individual data should be sited in a secure location, away from general
office spaces.
- Data should be backed up regularly. Those backups should be tested frequently, in line with
the company's standard backup procedures.
- Data should never be saved directly to laptops or other mobile devices like tablets, iPads or
smartphones.
- All servers and systems containing data should be protected by approved security software
and a firewall.
DATA USE AS PER THE GDPR NORMS
Personal data is of no value to The BLUEAXIS MEDIA unless the company can make use of
it. However, it is when personal data is accessed and used that it can be at the greatest risk
of damage, exploitation or theft:
- When working with personal data, employees should make sure that the screens of their
computers are always locked when left unattended.
- Personal data should not be shared informally. In particular, it should never be sent by
email, as this form of communication is not secure.
- Data must be encrypted before being transferred electronically. The IT manager can demonstrate
how to send data to authorized external contacts.
- Personal data should never be transferred outside of the European Economic Area.
- Employees should not save copies of personal data to their own systems.
- Always access and update the main copy of any information.
DATA ACCURACY FOR GDPR COMPLIANCE
The law requires The BLUEAXIS MEDIA to take reasonable steps to ensure data is kept correct and up
to date when it comes to GDPR. The more important it is that the personal data is accurate,
the greater the effort The BLUEAXIS MEDIA should put into ensuring its accuracy. It is the
responsibility of all employees who work with data to take reasonable steps to ensure it is kept
as accurate and up to date as possible.
- Data will be held in as few places as needed. Staff should not create any unnecessary
additional data sets.
- Workers should take every opportunity to make sure that the data is updated. For instance, by
confirming a customer's details when they call.
- The BLUEAXIS MEDIA will make it easy for data subjects to update the data The BLUEAXIS MEDIA
holds about them. For instance, via the company website [www.blueaxismedia.com]
- Data should be updated as inaccuracies are discovered. For instance, if a customer can
no longer be reached on their stored telephone number, it should be removed from the
database.
- It is the marketing manager's duty to ensure marketing databases are checked against
company-suppression files every six months.
SUBJECT ACCESS REQUESTS IN TERMS OF GDPR
All individuals who are the subject of personal data held by The BLUEAXIS MEDIA are entitled
to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed about how to keep it up to date.
- Be informed about how the company is meeting its data protection responsibilities.
If any person contacts the company requesting this information, this is called a subject
access request.
Subject access requests from individuals should be made by email, addressed to the data
controller at bharat@blueaxismedia.in. The data supervisor can supply a standard request form,
although individuals do not have to use this. Individuals will be charged £10 per subject access
request. The data controller will aim to deliver the relevant data within 14 days.
The data controller will always confirm the identity of anyone making a subject access
request before passing over any information.
DISCLOSING DATA FOR OTHER REASONS
In certain circumstances, GDPR allows personal data to be disclosed to law enforcement agencies
without the consent of the data subject.
Under these circumstances, The BLUEAXIS MEDIA will disclose the requested data. However, the data
controller will ensure the request is genuine, seeking assistance from the board and from the
company's legal advisers where necessary.