GDPR - General Data Protection Regulation

Ethical's Software, Systems and Services support for EU-GDPR compliance

The EU General Data Protection Regulation (“GDPR”) entered into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR applies to the processing of data relating to European citizens by any entity.

How Ethical committed to the EU-GDPR Regulation

Ethical GmbH is committed to ensuring the security and protection of the personal information that we process and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we have updated and expanded our program to meet the demands of the GDPR.

Data Subjects Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy-to-access information about each individual’s right to access any personal information that Ethical GmbH processes and to request information about our related data processes.

Customer, Employee and Data Subject Complaints

Although, in keeping with GDPR provisions, Ethical GmbH does not need to appoint a formal Data Protection Officer, a named individual has been tasked with receiving and managing complaints. This includes but is not limited to seeking legal advice and deciding on corrective and, if applicable, preventive actions.

EU-GDPR Preparation

Ethical's preparation affected Information Audits, Policies and Procedures (Data Protection, Data Retention and Erasure, Data Breaches, International Data Transfers, Third-Party Disclosures), Legal Basis for Processing, Privacy Notice/Policies, Obtaining Consent, Direct Marketing, Data Protection Impact Assessments (DPIA), Processor Agreements and Special Categories Data.

EU-GDPR Specific Training Programs

Ethical GmbH understands that continuous employee awareness and understanding is vital to continued compliance with the GDPR and has involved our employees in our preparation plans. We have implemented an employee-specific training program that has been provided to all employees and has become part of our induction and annual training program.

Information Security and Organisational Measures

We revised our information security policies and procedures, which aim to protect personal information from unauthorized access, alteration, disclosure or destruction. Furthermore, we have several layers of security measures in place, including: SSL Encryption, Access controls, Password policy enforcement, Data encryption, Authentication and Firewalling.