Our Dedication to Data Protection & GDPR Compliance
SnatchBot has always been fully committed to the safety and security of our users’ personal information, and now we are equally dedicated to being compliant with forthcoming regulations of data protection.
The regulation mandates need for operational and technological controls for protection against data violation, and grants new rights for individuals in treatment of their personal data. In short, the GDPR underpins data governance for all kinds of businesses to define data protection rules specific to them.
Our Dedication to Data Protection & GDPR Compliance
SnatchBot has always been fully committed to the safety and security of our users’ personal information, and now we are equally dedicated to being compliant with forthcoming regulations of data protection.
The regulation mandates need for operational and technological controls for protection against data violation, and grants new rights for individuals in treatment of their personal data. In short, the GDPR underpins data governance for all kinds of businesses to define data protection rules specific to them.
Benefits of GDPR
Empower
Strengthen individual’s rights to protect their data
Secure
Keep pace with technology, and enhance protection against unwarranted use of personal data
Unify
Harmonize data protection laws inside and outside the European Union
The steps that must be taken to become (and remain) GDPR compliant include security obligations, enacting impact studies, appointing a data protection officer, and ensuring privacy by design, to name a few. Enterprises that do not meet compliance requirements by the enforcement date in May 2018 can be subject to heavy penalties. Since its inception, SnatchBot has considered the protection of our users’ data our utmost priority. As such, we are fully committed to complying not only with the GDPR but with all global standards, as the reach of our user base spans around the world.
GDPR at SnatchBot
Since its inception, SnatchBot has considered the protection of our users’ data our utmost priority. As such, we are fully committed to complying not only with the GDPR but with all global standards, as the reach of our user base spans around the world.
DEFINING THE GDPR
Extent
The GDPR applies to any and all businesses that collect, store, and process personal data of EU citizens, including those that operate outside of EU member states.
Handing of Personal Data
Businesses must exhibit strict control over how personal data is collected, stored, and processed, as well as take any necessary measures to reduce the risks of data breach, as per a mandated impact study.
Accountability
Enterprises are expected to implement protocols to limit the use of data to strictly necessary functions. Third parties that perform data processing for other enterprises are equally accountable for data protection.
Consent
Enterprises that collect personal information will be required to gain the explicit consent of each user, and to explain, in no uncertain terms, why they are collecting said information and how it will be used. Additionally, they must grant the user complete control over their information.
Individual Rights
Each enterprise must be able to respond to an individual’s request to access, correct, restrict, or even delete their personal information (the “right to be forgotten”) from a system.
Data Protection Officer
Companies must appoint a data protection officer (DPO) to ensure that all measures of responsibility and accountability are (and continue to be) met according to the guidelines of the GDPR.
Notification of Breach
Any company that experiences a data breach is required to alert the Data Protection Agency (DPA) within 72 hours of the event. In certain cases of high risk, they must notify potentially affected individuals as well.
Privacy by Design
Enterprises must design data protection measures into the development of business processes through “technology design” whereby data protection capabilities are intrinsically integrated into systems design from the onset, thereby mitigating privacy risks and ensuring that only necessary personal data is collected.
Ensuring compliance with the GDPR can be outlined in four steps:
Identification of personal data
Systems in which personal information is collected and stored are identified, and an inventory of those systems is created.
Evaluation of all data-handing mechanisms
The methods by which personal data is collected, stored, and processed are assessed, and a study is performed to evaluate the potential privacy impact of handing sensitive information.
Introduction of new policies and protocols
Based on the results of the impact study, implement new procedures to limit the collection and usage of personal data, provide clear opt-out options for users, and controls to detect, prevent, and report data breach.
Maintain compliance
Keep all documentation regarding the processing of data current. Manage personal information from a central location, and respond/maintain actionable user requests regarding their personal data.
Our Commitment to GDPR
At SnatchBot, our ongoing commitment to privacy and security means that GDPR compliance is supported by our fundamental values of transparency, consistency, efficiency, and innovation. Through the continual improvement of regulations, along with our own best business practices, we ensure each and every user that their personal data is as safe and secure as we can provide, and that all regulatory mandates are fully met.
