Shopping Cart

Enconnex GDPR Compliance Statement

The European Union (EU) General Data Protection Regulation (GDPR) comes into force across the EU on 25th May 2018 and brings with it the most important changes to data protection law in two decades. The GDPR will supersede the current Data Protection Act giving people more control over how organisations use their data and the potential for increased penalties to be imposed on to organisations for breaches of their obligations.

The GDPR’s purpose is to strengthen data protection for individuals within the EU whilst also providing harmonisation for data privacy laws across Europe.

Enconnex commitment to the GDPR

At Enconnex we are dedicated to ensuring high standards of data privacy and recognise that we need to take steps to meet the demands of the GDPR. We have summarised our preparation for the GDPR in this statement and this includes the implementation of policies, procedures and controls to ensure maximum and ongoing compliance.

Identifying personal data

We have documented what personal data we hold, where it came from and with whom we share it.

Policies and procedures

We have revised our data protection policies and procedures to meet the requirements and standards of the GDPR including:

  • Data breaches – we have put in place procedures to identify, assess and investigate any suspected personal data breach at the earliest possible time and will notify individuals or any applicable regulator where we are legally required to do so.
  • Data retention and erasure – we have included data retention provisions into our privacy policy and will ensure that personal information is stored, archived and destroyed compliantly.
  • Subject access requests – we have revised our subject access procedures to accommodate the revised timeframe for providing the requested information and try to respond to all legitimate requests within one month. We have also made this provision free of charge and have included this individual right in our privacy policy.

Privacy Policy

Please refer our Privacy Policy here: Privacy Policy

Consent

We have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what personal data they are providing, why and how we use it and have sent opt in request emails to individuals on our database. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to individuals via text or email]. However, we have developed processes for recording consent, making sure that we can evidence an affirmative opt-in and that individuals have a way to withdraw consent at any time.

Employees

We understand that employee awareness is vital to compliance with the GDPR and will ensure that existing employees receive training to enhance this awareness.

If you have any questions about our preparation for the GDPR, please contact us at [email protected].