Notud provides software globally, including to European Union (EU) organisations and residents. The EU has a specific set of regulations for protecting the data of its citizens, called the General Data Protection Regulation or ‘GDPR’. While Notud always maintains a high level of data protection, we have further addressed our specific GDPR compliance. The GDPR’s requirements apply to EU residents’ personal data and to anyone involved with Notud who processes that information. The GDPR has key principles and data subject rights, which are addressed in our Data Processing Addendum (download); the addendum outlines Notud’s commitment to meeting and being accountable to these.
This information helps demonstrate our organisation’s priority regarding data protection, privacy and security compliance and forms part of our wider commitment to accountability. It helps simplify the complex obligations we have under regulations and protocols like the Australian Privacy Act and the EU’s GDPR, and provides the basis for our staff training and specific compliance practices.
- Created an internal Data Protection Policy, principally through our Data Processing Addendum (DPA) – download.
- Appointed a Data Protection Officer (DPO) – for more information please email firstname.lastname@example.org.
- Appointed an EU Representative – for more information please see our DPA.
- Educate all staff regarding GDPR.
- Ensure our Head of Software and Data Protection Officer (DPO) have regular meetings to update policies and staff.
- Include privacy by design principles in all development.
- Mask, de-identify and collect minimal data.
- Use individual logins and passwords to access sensitive data.
- Ensure all suppliers have appropriate safeguards if they are processing data we pass on.
- Make sure staff only access private data when necessary and with consent.
- Use templates for internal risk analysis.