The new EU General Data Protection Regulation (GDPR) introduces more stringent requirements for organisations to protect the personal data of EU residents wherever it is collected, stored, processed or transferred. These requirements must be met by organisations from any country, not just those based within the EU, and the transfer of data outside the EU must ensure the same high levels of protection. Podium welcomes the introduction of GDPR in May 2018 and is committed to complying with all aspects of the new law.
The Key Principles of GDPR And Podium’s Commitment
Personal data should be processed lawfully, fairly and in a transparent manner.
Purpose Limitation and Data Minimisation
Podium undertakes not to use data for any reason incompatible with the stated purpose as described to the individual. We may use personal data for statistical purposes but, in these circumstances, the data will be completely anonymised and aggregated.
Podium collects only such data as required for the purposes declared and no more.
Data held must be accurate and, where necessary, kept up to date.
Podium will endeavour, where possible, to ensure the accuracy of data and will respond to any requests to rectify inaccurate data.
Data Portability and The Right to Erasure
Individuals have the right to request a copy of any data Podium holds on them. We will make sure there is a process to obtain such data. Podium also undertakes to provide a means for the erasure of any individual’s data on request.
Retention of Data
Podium will retain personal data for as long as is required for the purposes for which it was collected. As a general rule, we will anonymise data after a period of 18 months at our discretion.
Podium takes extensive measures to ensure the security of any data it holds and submits to independent security audits such as penetration testing. A detailed document of our security systems and procedures is available on request. Please contact us at email@example.com with your details and we will arrange delivery of the document.
Data Transfer Outside The EU
Podium holds personal data on secure servers in Australia. Please see our security document for details. We undertake to ensure that any data transferred outside the EU is subject to the same high level of security as is available within EU boundaries. All data transfer between Podium databases and Podium applications is done exclusively over an encrypted connection.
Podium Organisational Policies
Podium has appointed a data protection officer who will be responsible for training and guidance of all staff with regard to data protection. A review has been undertaken of current security policies to ensure they align with the requirements of GDPR. This has included improvements in incident reporting procedures, especially in relation to data breaches, which are a key concern of GDPR.
Podium Product Development
We have always put data protection as our top priority when developing new products. We will continue to enhance our security and we will make sure that all members of our development team give full consideration to the requirements of GDPR when enhancing current products or working on new ones.
If you have any queries about Podium’s GDPR status or any matter relating to data protection, please contact us on firstname.lastname@example.org.