This Briefing Statement has been prepared by LiteracyPlanet Inc (trading as LiteracyPlanet and referred to in this statement as “LiteracyPlanet”, “Intrepica”, “we”, “us”, or “our”) to outline the steps that we are taking to try to ensure that any processing of personal data we undertake in the course of our business is secure, lawful and in compliance with the EU General Data Protection Regulation (“GDPR”) when this comes into force on 25 May 2018.
What is the GDPR?
The GDPR is the European Union’s new legislative framework to protect the personal data and privacy of EU citizens in the digital age.
The core purpose and emphasis of this legislation is entirely centred upon the rights of individuals to prevent the unlawful misuse, accidental loss, damage or destruction of their personal data.
The GDPR aims to put control of personal data into the hands of individuals (data subjects), who will be able to request access to their data, ask for their data to be erased, and require their data to be ported to another organisation.
Our policies and commitment to data protection
At LiteracyPlanet, we put trust at the foundation of our client relationships and are committed to protecting the privacy of individuals whose information is in our custody. We take the security of personal data very seriously and understand that privacy is not just an essential part of what we do, but also a core concern for our business.
LiteracyPlanet’s policy is to comply with local laws that apply to our business related to the use of personal data and to ensure that we meet the applicable standards set out in such laws.
We have existing processes and procedures in place to meet the requirements of the current privacy regulatory regime, and we are in the process of developing these to attain GDPR compliance in advance of its implementation in May.
Our plans for GDPR compliance
In order for us to prepare for the introduction of the GDPR and achieve our compliance, we have taken expert legal advice and established an overarching business strategy that is designed to allow every part of our business to understand the scope of our privacy obligations, the rules applicable to personal data, and the steps that need to be taken to avoid a privacy breach under the GDPR.
Core to our strategy are the GDPR’s six data processing principles, which set out that personal data must be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes;
- adequate, relevant and limited to what is necessary;
- accurate and, where necessary, kept up to date;
- retained only for as long as necessary; and
- processed in an appropriate manner to maintain security.
Our compliance strategy consists of various separate and overlapping parts that we have summarised below.
Internal audit, data mapping and gap analysis
We have carried out audits of all personal data processed by LiteracyPlanet and used this to map out the route from acquisition through all aspects of its processing to verify where data is located, why we gather it, and how we process it.
We will be recording instances where data is transferred or stored outside of the European Economic Area, and are committed to undertaking Data Privacy Impact Assessments (DPIAs) of all of our existing core business functions where a high risk to the rights of data subjects is identified.
With this clear map of personal data, LiteracyPlanet is able to identify all processing activity across our business and has used this to compile an inventory of processed personal data, which is assessed against the standards of the GDPR, from both a data controller and a data processor perspective, to inform areas of strength and those that can be further developed to allow us to provide an evolving and enhanced service to our clients.
Governance, documentation and accountability
In order for LiteracyPlanet to demonstrate our compliance with GDPR, the following action points have been implemented:
- We have adopted internal policies and measures which embrace data protection by design and data protection by default.
- Updated terms of business will be issued to you in respect of LiteracyPlanet services that you receive in order to ensure that appropriate contractual arrangements are in place between us governing the flow of personal data as required under the GDPR.
- Technical and organisational measures have already been implemented to protect all personal data that we process from unauthorised or unlawful processing and against accidental loss, destruction or damage, including ensuring that all transfers of personal information are and will be in compliance with the required international data transfer standards.
- Consent notices will be distributed where necessary, to ensure that personal information is processed fairly and lawfully by LiteracyPlanet.
- We are committed to the education and training of our employees, officers and other individuals who work for us, about GDPR.
- We have also established clear communication channels to allow our personnel, clients and other relevant third parties to report breaches or violations of the GDPR.
- LiteracyPlanet has published a revised privacy notice (insert link) that clearly and transparently sets out the purpose/s for which we intend to process personal data, and the information that we may need to be provided with to enable us to process personal data fairly and in accordance with the GDPR.
The GDPR is not a static process, and LiteracyPlanet will continue to implement and improve our data protection practices on an ongoing and evolving basis.
LiteracyPlanet is committed to ensuring a sustained culture of privacy by design within our business by using appropriate technical and organisational measures to ensure that personal data (and any new processes we use to process such data) is secure, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage through continued training, testing, document review and risk screening at every level.
What you should be doing for your own GDPR compliance
It is important to remember that you, as a business entity and data controller or processor in your own right, will have your own specific legal obligations under the GDPR.
You should be confident that any providers (data processors) which you work with have a suitably robust approach to data protection; that you understand the obligations of the GDPR; and that you are well prepared to meet them through adoption of strategies like those set out above.
What to do if you have further questions
If you would like any additional information regarding our procedures and commitment in becoming GDPR compliant, or any further information regarding your legal rights, please contact our Customer Service team or email us at firstname.lastname@example.org.
What is the GDPR?
The GDPR is a comprehensive data protection law that replaces existing European privacy laws and strengthens the protection of personal data in an increasingly data-driven world. The GDPR is enforceable in each EU member state and gives individuals greater control over their personal data.
Why does it matter now?
The GDPR comes into effect on 25 May 2018. We are already fully prepared to comply with the new legislation.
What is personal data?
Any information related to a natural person (individual) that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Who does it affect?
The GDPR applies to any organisation that processes personal data of EU individuals, regardless of whether the organisation has a physical presence in the EU. For LiteracyPlanet customers, that's any school with one or more students in the EU.
What do I need to do?
For the most part, LiteracyPlanet has been compliant with these new regulations for quite some time. So, for most of our customers there will be no change whatsoever. However, we wanted you to know that your data and your pupils' data are safe with us.
We appreciate you taking the time to read the LiteracyPlanet Inc GDPR Statement. © 2019 LiteracyPlanet Inc.