GDPR Compliance Policy
for DIGI5 LTD
1. Introduction
DIGI5 LTD is committed to protecting the privacy and security of personal data processed in the course of its business operations. This General Data Protection Regulation (GDPR) Compliance Policy outlines our approach to data protection and the measures we have implemented to ensure compliance with the GDPR.
2. Scope
This policy applies to all personal data processed by DIGI5 LTD, including data processed on behalf of our clients.
3. Data Protection Principles
DIGI5 LTD adheres to the following GDPR principles:
3.1 Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner.
3.2 Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes and do not process it further in a manner that is incompatible with those purposes.
3.3 Data Minimization
We only process personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
3.4 Accuracy
We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
3.5 Storage Limitation
We retain personal data for no longer than is necessary for the purposes for which it is processed.
3.6 Integrity and Confidentiality
We process personal data in a manner that ensures its security, integrity, and confidentiality.
3.7 Accountability
We demonstrate compliance with GDPR principles and are responsible for ensuring that we can evidence compliance.
4. Data Subject Rights
DIGI5 LTD recognizes and respects the rights of data subjects under the GDPR, including the right to access, rectification, erasure, and the right to object to processing.
5. Data Security
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the encryption of personal data, regular security assessments, and staff training.
6. Data Breach Response
DIGI5 LTD has established procedures for identifying, reporting, and managing data breaches by GDPR requirements.
7. Data Processing Records
We maintain records of all data processing activities, including the purposes of processing, categories of personal data processed, and details of any third-party data processors.
8. Data Protection Impact Assessments (DPIA)
Where necessary, DIGI5 LTD conducts DPIAs to assess and mitigate the risks associated with data processing activities that may result in high risks to the rights and freedoms of data subjects.
9. Data Processing Agreements
We enter into GDPR-compliant data processing agreements with third parties that process personal data on our behalf.
10. Data Protection Officer
DIGI5 LTD has appointed a Data Protection Officer (DPO) to oversee compliance with the GDPR and act as a point of contact for data subjects and supervisory authorities.
11. Training and Awareness
We provide regular training to our employees to ensure awareness and understanding of data protection obligations.
12. Review and Update
This policy is regularly reviewed and updated to ensure ongoing compliance with the GDPR and any relevant changes in data protection laws.
13. Contact Information
For any questions or concerns related to data protection at DIGI5 LTD, please contact our Data Protection Officer at office@digi5.net