Here we outline at a high-level how Clinch Talent will be compatible with the European Union General Data Protection Regulation (GDPR).
The GDPR significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations.
The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations. The GDPR also imposes corresponding and greatly increased obligations on organisations that collect this data.
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
The GDPR is based on the core principles of data protection which exist under the current law. These principles require organisations and businesses to:
Under the GDPR individuals have the significantly strengthened rights to:
There are seven areas of interest with GDPR that this document will outline:
The regulation is due to come into effect on May 25th, 2018.
Clinch Talent has significant resources and business operations in Republic of Ireland, a EU country with a strong tech presence. All of our engineering activities operate under our Irish registered company. Clinch in Ireland is registered with the Irish Data Protection Commissioner. This body has extensive experience regulating technology companies and for example, is responsible for Google, Facebook, Microsoft and many more within the European Union.
Under GDPR Clinch Talent has a legal obligation to report any breach of security leading to the release of identifiable PII data being disclosed, destroyed, lost, altered or stolen to the Irish Data Protection Commissioner no later than 72 hours after we become aware of it.
As a data processor we will notify our impacted customer or customers to enable them to fulfill their roles as data controllers.
You can read a more detailed account of how we tackle and coordinate activities on becoming aware of a security incident in our “Security Incident Response Guide.pdf”.
This site uses technology such as cookies to give you a personalized experience. Click below to consent to the use of this technology.