On May 25, 2018, the member countries of the European Union (EU), including the United Kingdom, began to enforce a new data protection regulation, the General Data Protection Regulation or Regulation (GDPR). The GDPR is designed to harmonize data privacy laws across Europe at a higher level, to protect the personal data of residents of EU countries and empower them to be proactive about the treatment of their personal data by organizations that collect or use it, and to reshape the way organizations throughout the world approach data privacy.
Who does the GDPR impact?
The GDPR applies to organizations located within all EU countries, which comprises most of Europe, in addition to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, natural persons or ‘data subjects’ located in the European Union. It applies to all companies’ processing personal data, which means collecting, recording, organizing, using, storing, modifying or disclosing the personal data of data subjects residing in the EU, regardless of the company’s location.
What steps has NPSBank taken to comply with GDPR?
- Mapping an overview of all our systems to document the use of personal data.
- Reviewing and revising our vendor agreements and implementing new processes to address the GDPR sub-processor requirements.
- Making technical changes to our platform that will enable us to support the GDPR’s requirements and the enhanced rights of data subjects.
- How NPSBank demonstrate compliance with GDPR? To our knowledge we have fully complied with it’s requirements and have reviewed our compliance with legal council.
- What constitutes “personal data” under GDPR?
- Any information related to a natural person (called “data subject”) resident in the EU that can be used directly or indirectly to identify that person. It can be anything from a name, a photo, an email address, job title, or company to an identification number, location/GPS data, or a factor specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the data subject.
What personal data does NPSBank collect from its users?
When you fill out registration to a trial use of NPSBank software, customer support forms, request a demo, buy a product or ask to receive our blog, special discounts or offers or participate in the NPSBank Community on the NPSBank website (www.npsbank.com), or proactively provide us with other personal information, we collect that information. For example, to create an account we ask only for an email address and password. In other circumstances, such as when you complete a form related to the purchase/license of a particular product offering, we may need you to provide other information, which may include your name, phone number, payment information, and/or postal address.
In addition, your device automatically provides information to us so we can respond and customize our response to you. This generally includes technical information about your computers, such as your IP address or another device identifier, the type of device you use, and operating system version. It may also include usage information and information associated with your interaction with NPSBank.
What does NPSBank do to keep its users’ personal data/information safe?
User privacy is at the core of our business. We are regularly enhancing and updating our security platforms, procedures and methods to better protect our users’ personal information and protect their right to anonymity.
Who should I contact if I have further questions about GDPR compliance and my relationship with NPSBank?
For more information about NPSBank and GDPR, please contact us. Further information on GDPR specifically can be found at www.eugdpr.org.
— The NPSBank Team