Power-MI is GDPR ready
At power-mi.com, nothing to us is more important than the success of our customers and the protection of their personal data. With customers in nearly every country in the world, we adhere to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We?re here to help our customers in their efforts to comply with the GDPR.
What is the ‘General Data Protection Regulation’?
The General Data Protection Regulation (“GDPR”) is a European Regulation on the protection of personal data that came into effect on 25 May 2018. GDPR grants data subjects a higher level of control over their personal data while requiring the Companies to be more transparent in their data processing activities.
What steps were taken by Power-MI following the GDPR requirements?
We have undergone a thorough GDPR compliance review and have taken all the required steps to ensure the protection of all personal data that we process. Some of the steps we have taken towards becoming GDPR compliant include:
-
GDPR Training
We organized GDPR training for all Power-MI employees to ensure that every member of the organization understands our data protection obligations.
-
Updated GDPR Compliant Privacy Notice
We have also updated our Privacy Notice to be in compliance with GDPR. Our new Privacy Notice offers transparency and informs data subjects of what personal data is processed by Power-MI, with whom it is shared, how long Power-MI retains this personal data, as well as subject access rights.
-
Subject Access Request Mechanism
We have also made it easy for our users to make subject access requests from us by providing a dedicated email address.
-
Data Retention
We have also implemented new Data Retention Schedules to ensure that personal data is retained only for that duration and securely discarded after the expiration of the retention period.
-
Data Breach Response Planning
We collect minimum personal data to reduce the risk and impact of any personal data breach for our users. We have also implemented a new Data Breach Response Policy and Procedures for our organization.
-
Review of our Processors
During our compliance review, we also reviewed all third-party processors we make use of to ensure that they are also offering the data protection that is required by GDPR.
-
Records of Processing Activities
We created complete records of our data processing activities which enabled us to have a good understanding of all personal data that we process, what we need to do to ensure all personal data is protected and how we can enable subject access rights.
Does the GDPR prevent a company from storing data outside of the EU?
Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors adhere to the necessary regulations and protections. At Power-MI, we store our data with Pantheon.io, which is based in the US. Like Power-MI, Pantheon.io has announced that it is GDPR ready.
Where can I learn more about GDPR?
Additional information is available on the official GDPR website of the European Union.
I have more questions. Who should I contact?
If you have any questions, concerns or comments about our GDPR Compliance. Please contact us at admin@power-mi.com.