...
third partyVersion | 1.0 |
Owner | CTO |
Last Updated on | 16 Jul |
Last Updated by | |
Approved by |
Effective Date: [Date you choose, after which there will be consequences for personnel for non-compliance]
Application
This policy applies to all employees, contractors, and vendors while doing business with Ecoportal and others who have access to European Union (EU) and the European Economic Area (EEA) data subject information (“personal data”) in connection with Ecoportal's operating activities.
...
The Ecoportal Information Security and Data Privacy Policies are a component of the GDPR Policies and implement controls which support GDPR compliance.
Responsible Person
[NAME], [TITLE], [EMAIL], [PHONE] Daniel Alexander, Chief Strategy Officer, daniel@ecoportal.co.nz has been assigned responsibility for overall oversight of Ecoportal's GDPR compliance program.
...
The Data Protection Officer is: [NAME], [TITLE], [EMAIL], [PHONE]Daniel Alexander, Chief Strategy Officer, daniel@ecoportal.co.nz
Article 27 Local Representative
...
Representative(s) is/are:
EU Representative: [NAME], [TITLE], [EMAIL], [PHONE], [COUNTRY]Representative:
Rickert Rechtsanwaltsgesellschaft mbH
Colmantstraße 15
53115 Bonn
Germany
UK Representative:
Rickert Services Ltd UK
PO Box 1487
Peterborough
PE1 9XX
United Kingdom
Implementation
Data Protection
...
Collect the data specified by the data subject
Search all databases and all relevant filing systems (manual files) in Ecoportal, including all back up and archived files, whether computerized or manual, and including all email folders and archives. Ecoportal maintains a record that identifies where personal data in Ecoportal is stored.
Ecoportal will maintain a record of requests for data and of its receipt accessible by Ecoportal's Data Protection Officer, [Chief Legal Data Protection Officer], and/or any other designated Ecoportal representatives. Ecoportal will also keep a record of processing to include dates.
Provide data subjects an online mechanism to making request and all such requests will be logged.
Ecoportal will acknowledge the SAR within three (3) days of the initial request and respond to any SAR within 25 days of the initial request.
SARs from employees or previous employees will be coordinated with HR and the employees' current or previous departmental leadership.
...
Ecoportal may withhold information requested under SAR in accordance with Article 23 of the GDPR or any similar exemption under applicable law. Any such exemption must be reviewed and approved by the Data Protection Officer or [Chief Legal Data Protection Officer].
SAR Limits
Where permitted by law, such as Article 15 of the GDPR, for any further copies of personal data collected by Ecoportal that are requested by the data subject, Ecoportal may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic format.
...
All external communications with customers, regulators and law enforcement shall be approved by Ecoportal
Enforcement
The [roles responsible for the enforcement of this policy, e.g., Chief Human Resources Officer, HIPAA Security Officer, Chief Information Security Officer and Legal Counsel] Data Protection Officer are responsible for the enforcement of this policy.
...