Here we outline at a high level how Clinch will be compatible with the European Union General Data Protection Regulation (GDPR).
The GDPR significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organizations.
The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organizations. The GDPR also imposes corresponding and greatly increased obligations on organizations that collect this data.
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
The GDPR is based on the core principles of data protection which exist under the current law. These principles require organizations and businesses to:
Under the GDPR, individuals have significantly strengthened rights to:
There are seven areas of interest with GDPR that this document will outline:
The regulation is due to come into effect on May 25th, 2018.
Clinch has significant resources and business operations in the Republic of Ireland, an EU country with a strong tech presence. All of our engineering activities operate under our Irish registered company. Clinch in Ireland is registered with the Irish Data Protection Commissioner. This body has extensive experience regulating technology companies and, for example, is responsible for Google, Facebook, Microsoft and many more within the European Union.
Under the GDPR, Clinch has a legal obligation to report any breach of security that leads to identifiable PII data being disclosed, destroyed, lost, altered or stolen. We must report such a breach to the Irish Data Protection Commissioner no later than 72 hours after we become aware of it.
As a data processor, we will notify our impacted customer or customers to enable them to fulfill their roles as data controllers.
You can read a more detailed account of how we tackle and coordinate activities on becoming aware of a security incident in our “Security Incident Response Guide.pdf”.