The General Data Protection Regulations (GDRP 2016/679) is the European law governing the use and handling of individuals’ personal data.
It aims to protect the personal data of European citizens, guarantee the lawful processing of data and safeguard data subjects’ rights of data privacy and freedoms, and has three main objectives:
1. Standardisation of data protection regulations at the European level;
2. To give European citizens control of their personal data, in particular, how it is used;
3. To ensure that companies are aware of their obligations regarding the use of personal data.
The GDPR now demands that, to each planned use case involving the subject's personal data, explicit consent is "given freely" and in the form of a "positive action" (opt-in forms).
Depending on the business and the nature of the personal data processed, the implications of the GDPR can be extremely far-reaching. In addition to transparency and risk control requirements, the GDPR also includes numerous other requirements: record keeping, nominating a Data Protection Officer, implementing a management risk process, etc.
The processing of data by Agendo is defined at the minimum necessary, namely: name, email and, when applicable, IP address. As a data processor, Agendo has policies and procedures that meet the principles required for the protection of personal data, including lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, integrity, and confidentiality.
CKLO has implemented appropriate administrative, technical, and continuous monitoring safeguards to ensure the security and protection of Personal Information. CKLO uses sendinblue.com as a relay for sending emails, which is also GDPR compliant.
Our Data Protection Officer ensures that all procedures, data anonymity, and database structure follow the GDPR rules.
The GDPR has created new rights of access and data protection for "users", with which Agendo complies:
1. Right to rectification: Users have the right to modify personal information at any time.
2. Right to be forgotten: Users may request for the permanent deletion of their personal data.
3. Right to portability: Users may request that their personal data be exported and sent to another organisation or competitor.
4. Right to object: Users may object to specific types of processing or uses of their personal data.
5. Right of access: Users have the right to be informed of any and all of their personal data that has been collected, as well as its intended use.
CKLO may serve as a contractor to government entities, having categorised its systems, documented its security processes and implemented the set of controls necessary and appropriate for the FISMA Low impact level.
CKLO policies, security controls and monitoring cover the areas of Risk Assessment, Security Planning, Configuration Management, System and Communication Protection, Awareness and Training, Physical and Environmental Protection, Media Protection, Contingency Planning, Maintenance, System and Information Integrity, Incident Response, Identification and Authentication, Access Control, Accountability and Auditing.
Agendo acts as a data processor only, so you are the owner of all data produced. To better understand the requirements and legal ramifications for your organisation, please get in touch with us and we will find the best way to comply with your data protection and security policies.
