AIMS INTERNATIONAL AND THE GDPR
We handle your data with one very simple principle in mind: respecting you.
That’s why we have moved in good time to comply with the new European data protection law, the GDPR.
To help you understand how we are preparing to comply with the new law, we’d like to share some important news about our GDPR project and explain how strategic this activity is for us in reinforcing your trust in Aims International.
- Assessing all our processes involving personal data:
We have been mapping the personal data processed by the company, reviewing methods of processing and evaluating the security measures applied.
- Creating a Data Protection Governance:
Reviewing how our organisation manages privacy, designating new privacy roles, assigning responsibilities, ensuring data protection is managed at all levels of our organisation and launching specific training and awareness programs.
- Embedding Privacy into Operations:
Setting new rules, redefining operational procedures and reviewing all the information and document systems.
- Assessing Third Parties:
When we entrust part of our data processing to external parties, we want to make sure that those third parties will protect data as we do: we’re assessing their organization, updating their contracts with us and evaluating all IT and software applications for their capacity to ensure proper protection of personal data.
- Creating a Record of Processing Activities:
One of the most important requirements of the GDPR. It will be the real “control room” for all the processing activities under our responsibility: what, who, where, why and how personal data are being processed, inside and outside our company.
- Risk Analysis and DPIA (Data Protection Impact Assessment):
Are there any risks for individuals while we’re using their data? We’ve been assessing the risk of our existing processing activities and, should a potential high risk to individuals be present, we have a DPIA methodology ready to be performed in order to calculate the risk level and mitigate it through additional organisational and technical measures, as required by the GDPR. Any new processing activity will be submitted, by design, to this process.
- Data Breach procedure:
Security incidents could happen every day: someone leaves a secure door unlocked, or a sensitive paper file exposed on their desk. We are working on improving our security measures and establishing data breach policies, recording any incident that could happen and being able to manage it in a timely fashion when it occurs.
- Updating Privacy Notices and Consent management:
We are reviewing all our published Privacy Notices in order to respect the new requirements stated in the GDPR and to improve the awareness, comprehensiveness and transparency of our communication. When you are asked for consent, you’ll be more aware of what you’re giving permission to.
- Improving processes to respond to your rights and requests:
We’re working on new policies and procedures to address possible requests from individuals to access the personal data processed and to guarantee the exercise of data subjects’ rights. You have the right to access, correct, erase, object to or restrict the processing of your personal data. You can also ask for the portability of your data, which means that you have the right to receive the personal data we’re processing in a commonly used format and to ask us to transfer that data to another controller, if you so request.