ITEXACT is a data controller and in some instances a data processor that takes the privacy and security of individuals and their personal data very seriously. In seeking to ensure continuing compliance with new and extended requirements set out in the General Data Protection Regulation (GDPR). The Company is developing additional measures and implementing operational changes to further protect and secure the personal data we process.
We have in place a GDPR project plan that aligns itself with the Information Commissioners Office’s action plan. The plan understands our obligations through analysing the GDPR requirements. Our dedicated resource is driving the journey towards GDPR compliance across the Group. Some of our ongoing initiatives are:
Classifying Personal Data
We have identified the personal datasets processed by us and are documenting the various sources of data leading up to our GDPR implementation.
Training & Awareness
We are fully aware that continuous employee awareness and understanding is vital to the continued compliance of the GDPR programme and have implemented an employee training program that will form part of our induction and annual training program.
Review of consent
We have reviewed our existing marketing practices, and associated consents, to ensure that these are transparent, fair and GDPR-ready.
One of the most important aspects of GDPR is accountability and how we collect and use personal data. We have ways to ensure that we can provide better transparency to ensure individuals can enforce their data privacy rights, we will be updating our website(s) privacy notice to reflect this.
Data privacy and data security are two sides of the same coin. As other businesses tighten their data security measures, we are also doing the same by streamlining processes, updating IT policies and procedures that provide end-to-end security from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in development.
International data transfers
We will continue to ensure our contractual commitments to meet the requirements to validly transfer personal data from the EU to the rest of the world under applicable law.
It is important to recognise that compliance is a shared responsibility and all organisations will need to adapt business processes and data management practices accordingly. Our internal cross functional team will continue to monitor our GDPR compliance programme.
From time to time, we reserve the right to revise this Statement with additional information relating to further developments concerning our GDPR compliance programme.