GDPR - General Data Protection Regulation
Published: 24th May, 2018
General Data Protection Regulation (GDPR) (EU) 2016/679
What exactly is GDPR?
GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
No personal data may be processed unless it is done under a lawful basis specified by the regulation, or unless the data controller or processor has received explicit, opt-in consent from the data's owner. The business must allow this permission to be withdrawn at any time.
What is a lawful basis for processing?
Data may not be processed unless there is at least one lawful basis to do so. These include:
- The data subject has given consent to the processing of personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing is necessary to protect the vital interests of the data subject or of another natural person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular if the data subject is a child.
If consent is used as the lawful basis for processing, consent must be explicit for the data collected and the purposes for which the data is used.
What is Johnson & Allen doing?
The deadline for compliance with the General Data Protection Regulation (GDPR) is the 25th May 2018. After this date we require a ‘lawful basis’ to collect, store and/or process any personal or sensitive data you provide to us.
Johnson & Allen is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data.
Examples of the customer data we hold include, but are not limited to:
- General contact details (name, address, telephone number, email address)
- Company VAT number
- Bank details
Information is kept in our system and only disclosed to third parties if requested for lawful or legal purposes.
The data will be stored in paper and/or digital format at our secure site and only accessed by persons authorised to do so. We will hold only the minimum amount of data required, and when the data is no longer required for our trading purposes it will be deleted/destroyed securely.
Johnson & Allen will maintain its commitment to keeping the data we store secure and will continue to operate in much the same way we always have.
How can I hear about promotions?
Johnson & Allen has in the past sent out flyers, information and promotional material to customers. From the 25th May 2018 we will not be able to do this without explicit consent. If you would like Johnson & Allen to stay in touch, please drop us an email and ask to be added to our mailing list.
Alternatively, visit the Johnson & Allen website or social media accounts regularly for new products and news.