by SB Business Guild
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th of May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
The SB Business Guild (‘we’ or ‘us’ or ‘our’) is committed to ensuring the security and protection of the personal information (‘you’ or ‘your’) that we process, and to provide a compliant and consistent approach to your data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by SBBG ethics. However, we recognize our obligations in updating and expanding this program to meet the demands of the European GDPR and American data protection laws.
The SB Business Guild is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of these Regulations. Our preparation and objectives for GDPR compliance are summarized in this statement and include the implementation of data protection roles, policies, procedures and controls to ensure ongoing compliance.
How We Prepared for the GDPR
The SB Business Guild already has a consistent level of data protection and security across our organisation, however it is our aim to be fully compliant with the GDPR by 25th January 2019. Our preparation includes:
- Information Audit – a company-wide information audit to identify what personal information we hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.
- Direct Marketing – the wording and processes for direct marketing includes clear opt-in/opt-out mechanisms for marketing subscriptions; and provides unsubscribe features on all subsequent marketing materials.
- Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. newsletter providers), we use due diligence procedures for ensuring that they (as well as we), meet any GDPR obligations.
Your Rights to Your Data
In addition to the policies and procedures mentioned above that ensure individuals can enforce their own data protection rights, we provide you easy to access information via company email of your right to access any personal information that SB Business Guild processes about you and to request information about:
- What personal data we hold about you (usually name, contact info, and/or address only)
- The purposes of the processing (newsletters or SBBG promotions)
- The recipients to whom the personal data has/will be disclosed (no one)
- How long we intend to store your personal data (usually indefinite)
- If we did not collect the data directly from you, information about the source
- The right to have inaccurate data about you corrected and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws
- The right to object to any direct marketing from us
- The right to be informed of any automated decision-making
- The right to lodge a complaint or seek judicial remedy
Information Security & Technical and Organizational Measures
The SB Business Guild takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:
- SSL certificates on website
- Website firewalls
- Restricted access by SBBG officers only
- Access by encrypted passwords only
- Authentication of every access event
- On-going documentation of every access event
- GDPR compliance procedures used by third-parties
- Annual re-evaluation and update of GDPR procedures
GDPR Personnel Roles
The SB Business Guild has designated the SBBG Secretaryas our Appointed Person to develop and implement our roadmap for complying with the new data protection Regulation. That person is responsible for assessing our GDPR compliance, identifying any gap areas, and implementing new policies, procedures and measures as needed. If you have any questions about our preparation for the GDPR, please contactthe SBBG Secretary or the SBBG President or any SBBG Officer.