Marksystem commitment to GDPR compliance
The General Data Protection Regulation (GDPR) is a Regulation of the European Union that came into force on the 25th of May 2018. It applies to all organisations collecting and processing the personal data of EU citizens.
As a business that cares about its employees, customers and partners, Marksystem recognises the importance of complying with the GDPR requirements. To comply with the regulation, we protect personal data by implementing effective technical and organizational controls guided by best practices such as ISO 27001.
Marksystem commits, at the senior level, to process the personal data of various stakeholders lawfully, fairly and transparently.
Commitment to compliance and the security of personal data is demonstrated through the relevant internal policies and procedures which, together with technical controls, form a reliable data protection programme adopted by Marksystem.
In our effort to prove compliance, we can confirm that:
- The personal data has been carefully identified, mapped and analysed.
- A policy is in place for the protection of personal data within our organization which has been approved by management and communicated to all employees and other relevant people.
- All employees have received awareness training regarding data protection and the GDPR.
- Everyone understands their roles in the protection of personal data and has received training where needed.
- For each process that involves processing of personal data, we have established the lawful basis of the processing under the GDPR.
- In those cases where our processing is based on consent, we have taken steps to ensure that it is clear and freely given. We keep a record of the consent given.
- We have implemented online user facilities to promptly process and fulfil data subject access requests.
- The length of time we keep personal data for, or the way we decide this, has been defined in each area of processing, and has been minimised.
- Where we are a controller, all of our contracts with processors have been updated to comply with the requirements of the GDPR.
- Where we act as a processor, we have contractually committed to complying with the requirements of the GDPR, providing a Data Processing Agreement to our B2B customers.
- All of our employees are subject to confidentiality obligations with respect to personal data.
- We transfer personal data only to countries for which an adequacy decision has been adopted by the EU Commission.
- When designing a new service, we take data privacy obligations into account by applying specific controls. We minimise our use of personal data and protect it by applying techniques in accordance with ISO 27001.
- We have policies and procedures in place to fulfil our obligations in the event of a breach of personal data, both as a controller and as a processor.
We continue to develop and improve our data protection policies and controls in line with organizational changes, guided by legal requirements and the needs of our customers and partners.