<aside> 💡 Policy name: GDPR Compliance Policy Owner: Jean-Baptiste Gariel - CTO Creation Date: Nov 26, 2020
Copy of Revision History
The General European Data Protection Regulation (GDPR) begins on 25 May 2018. This important piece of regulation entails new obligations for companies such as Allphins which process personal data. GDPR also establishes new rights for the people whose data is being processed, in particular the right to forget and the right to data portability.
Allphins has already taken all the necessary measures to be GDPR compliant, and therefore offers its services within a secure and clear legal framework. Since the beginning of its activities, Allphins’ main focus has been the protection of personal data and the application of GDPR provides an opportunity to strengthen this protection for the benefit of Allphins' customers and, ultimately, the people whose data is processed.
Among the measures implemented by Allphins to ensure GDPR compliance:
the establishment of a clear contractual framework, where the obligations and responsibilities of Allphins and its customers with regards to the collection and processing of personal data are precisely defined.
It should be noted that, as part of the services offered to its customers, Allphins acts as a subcontractor for them. It is therefore also the responsibility of the latter to ensure that their operations comply with GDPR, in particular with regards to the collection of personal data which is then transmitted to Allphins;
the creation by Allphins of a register of processing operations, identifying and updating all processing operations carried out on the personal data transmitted to it;
the implementation of a procedure to secure personal data to reduce as much as possible the risks of data breach, and the implementation of a CNIL (Commission nationale de l’informatique et des libertés) information protocol in the event of such a breach;
the appointment of a Data Protection Officer (DPO), who is responsible for ensuring internal compliance with Allphins' data protection policy and acting as an interface with the CNIL.