The General Data Protection Regulation (GDPR), whose implementation began on 25 May 2018, applies to all companies that are based in the EU, as well as to international companies, that process personal data belonging to people residing in the European Union.
Although many of the principles of the GDPR are in fact an extension of the existing EU data protection rules, the GDPR has a wider scope and stricter standards and provides for significant financial penalties. For example, it sets stricter conditions for obtaining consent to the use of certain types of data, and it extends the rights of individuals regarding access to their data and its transmission. It also provides significant enforcement powers by allowing supervisors to impose financial sanctions that can amount to up to 4% of a company's total annual revenue for certain infringements.
THE COMMITMENT AND PREPARATION OF ALFANET
Data protection is an important issue for ALFANET SA, and we fully comply with the current EU data protection law as well as the General Data Protection Regulation (GDPR).
Having already started the necessary procedures to comply with the GDPR Regulation, we undertake the following commitments:
- Transparency: Our Data Policy will remain the only means of describing the methods that we apply for processing users' personal data. At the same time, we will provide a range of consent options for both new and existing customers, as well as for recipients of our updates, alerts within the products and solutions we advertise, and educational campaigns for our end customers.
- Audit: We will continue to provide our customers and email recipients with ways to control their data usage. In this context, we will always be able to exercise "the right to be forgotten" through the newsletters that we send.
- Accountability: We are responsible for all of our practices, and we have established Privacy Control Principles that explain our rationale behind privacy and data protection. Our legal department has regular meetings with regulators and legislators, as well as privacy specialists, in order to stay up to date with current legislation and to make adjustments wherever necessary.
INFORMATION FOR COMPANIES
Basic legal structures
Under the GDPR, there are several reasons for processing personal data. Below we describe the most relevant legal structures, in line with the GDPR.
- The processed data must be necessary for the execution of any project and should be set out in the contract between the individual.
- Certain and explicit consent is required, which should be given freely, with knowledge of all the relevant information and by a clear, positive action.
- Recipients have the right to withdraw their consent and should be informed of that specific right.
- An enterprise or other third party must have legitimate interests which are not undermined by the rights or the interests of the individual who consents to the processing of their personal data.
- Data processing should cease if an objection is raised.
ALFANET as a data controller and as a data processor
Data controller: A data controller is someone who defines the "scope" and "means" for each case of personal data processing.
Data controllers should adopt compliance measures covering how the data is collected, the purposes for which it is used and the length of time it is retained, and should ensure that natural persons have a right of access to the data held.
Data processor: A data processor is someone who processes personal data on behalf of the data controller. In some cases that directly concern data processors, data controllers are required to bind them, so as to ensure safe and legitimate data processing.
Although ALFANET manages most of its services as a data processor, there are some cases in which it also acts as a data controller with regard to its collaboration with other businesses. When ALFANET is processing data as a data processor on your behalf, your business must have its own legal basis on which to process and share data with us.