The following describes how we at Really Social protect your data in relation to GDPR
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the exportation of personal data of an EU citizen outside of the EU. This replaces the previous Data Protection Act (DPA).
This is overseen by the Information Commissioner Office (ico) and comes into force in the 25th May 2018.
GDPR defines your rights as the following;
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data processing
- Right to data portability
- Right to object
- Right related to automated decision making
Key principles of personal Data
- Processed lawfully, fairly and in a transparent manner.
- Personal data to be collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Kept in a form which permits identification for no longer that is necessary for the purpose of which the personal data that are inaccurate.
- Processed in a manner that ensures appropriate security.
What have we done to prepare for GDPR
We are always improving technology, organisational and security measures across the company, We have and are implementing changes;
Company training: We have a commitment to be compliant with GDPR, everyone working at Really Social understands GDPR and their responsibility.
Audit: We have done a company wide data audit, to document what data we hold, where it comes from and how it’s processed. Allowing us to keep track of the data in regards to where it is stored and how it is used. This is an ongoing document that allows us to make sure data is protected.
Basis and consent: By signing up to the service Really Social Media provides, you are entering into an agreement which gives us legitimate basis to process your data, in line with GDPR requirements. However to allow us to news and offers we will make sure it’s obvious you will be entering into this and you can unsubscribe from these updates at any time.
Your Rights: GDPR allows you the right to see a full copy of the data we hold about you, and the right to request it is fully deleted from our system (although we might have to keep some record to ensure that you are not contacted in the future, or to comply with any legal obligations)
Keeping your data secure
We are always improving security and how we handle your data to make sure we have your trust with the data and social media accounts we hold. When we work with third parties (subprocessors) to provide out service, we ensure that their security and data practices are in line with our own. If you find any security issues with this site or our applications please see our responsible disclosure policy.
How can you manage access to your information (DSR requests)
If you have an account with us, you may access, correct, or request a correction/deletion of your personal data by contact us at firstname.lastname@example.org. We will aim to respond to this request within 20 days or less, which is well within the GDPR requirement of 30 days.