What is the ‘General Data Protection Regulation’?

    The General Data Protection Regulation (“GDPR”) is a European Regulation on the protection of personal data that came into effect on 25 May 2018. GDPR grants data subjects a higher level of control over their personal data while requiring companies to be more transparent in their data processing activities.

    What steps were taken by Power-MI following the GDPR requirements?

    We have undergone a thorough GDPR compliance review and have taken all the required steps to ensure the protection of all personal data that we process. Some of the steps we have taken towards becoming GDPR compliant include:

    1. GDPR Training

      We organized GDPR training for all Power-MI employees to ensure that every member of the organization understands our data protection obligations.

    2. Updated GDPR Compliant Privacy Notice

      We have also updated our Privacy Notice to be in compliance with GDPR. Our new Privacy Notice offers transparency and informs data subjects of what personal data is processed by Power-MI, with whom it is shared, how long Power-MI retains this personal data, as well as subject access rights.

    3. Subject Access Request Mechanism

      We have also made it easy for our users to submit subject access requests to us by providing a dedicated email address.

    4. Data Retention

      We have also implemented new Data Retention Schedules to ensure that personal data is retained only for the duration set out in those schedules and securely discarded after the expiration of the retention period.

    5. Data Breach Response Planning

      We collect minimal personal data to reduce the risk and impact of any personal data breach for our users. We have also implemented a new Data Breach Response Policy and Procedures for our organization.

    6. Review of our Processors

      During our compliance review, we also reviewed all third-party processors we make use of to ensure that they are also offering the data protection that is required by GDPR.

    7. Records of Processing Activities

      We created complete records of our data processing activities, which enabled us to have a good understanding of all personal data that we process, what we need to do to ensure all personal data is protected, and how we can enable subject access rights.

    Does the GDPR prevent a company from storing data outside of the EU?

    Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors adhere to the necessary regulations and protections. At Power-MI, we store our data with Pantheon.io, which is based in the US. Like Power-MI, Pantheon.io has announced that it is GDPR ready.

    Where can I learn more about GDPR?

    Additional information is available on the official GDPR website of the European Union.

    I have more questions. Who should I contact?

    If you have any questions, concerns or comments about our GDPR compliance, please contact us at admin@power-mi.com.