The General data protection regulation (GDPR) got operationalized on May 25th, 2018. The regulation deals with data protection and privacy of Individual data subjects.
The regulation puts the onus of data protection and privacy on the data controller who has to ensure that the data processor follows GDPR guidelines to remain compliant towards GDPR, enabling the protection of personal data of Individuals (Data Subjects) residing in European Union (EU) and United Kingdom, irrespective of the fact wherever such data is processed.
United Kingdom-based on the principles of GDPR, enacted its new legislation of data protection act (DPA). The DPA 2018 is the third generation of data protection laws, replacing the 1988 act on May 25, 2018, when GDPR comes into force, and aims to rebuild data protection rules to maintain their effectiveness in the years ahead.
After Brexit, a new domestic data privacy law called the UK-GDPR took effect on January 31, 2020, which alongside with the Data Protection Act of 2018 & the PECR is the framework which governs all processing of personal data from individuals located inside the United Kingdom. The UK-GDPR is almost identical to the EU’s GDPR.
India also, in a recent judgment of the Hon’ble Supreme Court declared the right to privacy as a fundamental right and has provided much-needed push for introducing a robust and comprehensive data protection legislation in India Accordingly a data privacy Bill was introduced in Lok Sabha (lower house) on 11th December 2019, and is being currently being analyzed by Joint Parliamentary committee and will be passed soon. The bill is on the line of GDPR and its main aim is to protect fundamental right to privacy.
AcoBloom International’s clients generally are data controllers or data processors, while AcoBloom acts as a data processor or data sub processor.
The data controller determines the legal means and purpose of processing of personal data of the data subject, while data processor processes the personal data on behalf of data controller or where we are data sub-processor, we process data on behalf of data processor. Although, as per GDPR regulations Data controllers are responsible for GDPR compliance, but we as data processor or data sub-processor consider ourselves as equally responsible for implementing organizational and Data security policies enabling privacy by design and default, demonstrating that data processing at our end is secured and protected enabling data controllers or data processors as applicable to be fully confident about data privacy and security while sharing their or their client’s data.
Data or Cyber security is of utmost importance to AcoBloom, we have carried out the process of identifying the risk, implementing the security controls to mitigate risk in terms of physical security, Network security, Human resource training and confidentially and work from home security measures. Our Data security and privacy strategy is divided into:
- Our Approach towards data Privacy and security
- Data Privacy and Data Protection methodology and measures. We have full – fledged Information security management system manual to ensure that we conduct our activities in such a way we use the information for law full purpose, and the information assets are optimally protected in accordance with the principles of security, availability, processing integrity, confidentiality and privacy.
- Business Continuity Plan
- Our Commitment towards data security and data privacy