The GDPR is a new approach to data collection, usage and protection and it will supersede national laws including the UK Data Protection Act, unifying data protection and easing the flow of personal data across the 28 EU member states. From the 25th May 2018 all organisations that process the personally identifiable information of EU residents will be required to abide by a number of provisions.
GDPR will increase the obligations of CrystalEx Cars under the current Data Protection Act and CrystalEx Cars recognises that it will require processes and communications to be put in place in addition to our current data protection procedures.
Key points of the GDPR that are relevant to CrystalEx Cars and where we will be reviewing and updating our processes include:
Documenting the information we hold:
- The regulations require a greater clarity of what personal data we hold, where it came from and who it has been shared with.
Better communication of privacy information and legal basis for processing personal data:
- GDPR requires that privacy notices clearly inform data subjects of the legal basis for processing the information, data retention periods and their rights under the GDPR (see below).
Explicit individual's rights:
- The new regulation sets in law a number of rights that data subjects must have. These rights include subject access, rectification, erasure (‘the right to be forgotten') and the right to prevent automated decision-making and profiling.
Changes to the definition of consent:
- The GDPR firmly places the responsibility of demonstrating consent has been given to the data controller.
Increased data breach reporting:
- There is an increased obligation under the GDPR for organisations to report personal data breaches to the Information Commissioner's Office (ICO).
Data protection by design:
- There will be an increased obligation to conduct privacy impact assessments before implementing certain new business processes. The GDPR builds on the concept of ‘privacy by design' and requires data protection to be linked to risk management and project management processes at the earliest stage.
In compliance with the new General Data Protection regulations that will take effect from 25th May 2018 we would like to ensure that you continue to receive everything you currently get from CrystalEx Cars
Always hold your data securely
Only share your information within CrystalEx Cars
Only ever get in touch in the ways that you wish, and we'll make sure that everything we send to you is relevant to our work and our services
We will adhere to your current communications preferences
Only analyse your data in order to communicate with you more effectively and better understand your preferences
Make sure you're in control of your information, and that you can ask us to stop using it whenever you like
Sell your contact data or pass on to 3rd parties.
You have the right to withdraw your consent at any time