Interactive FX has always been fully committed to the safety and security of our users’ personal information, and now we are equally dedicated to being compliant with forthcoming regulations of data protection.
The pending General Data Protection Regulation, or GDPR, will take effect on 25 May 2018, making enforceable new regulations regarding the collecting, storing, and processing of personal data for all citizens of the European Union member states. The goal of the GDPR is not only to replace the previous Data Protection Directive of 1995, but also to strengthen the digital rights of individuals regarding who can retain their data and how it may be used.
The enactment of the GDPR is motivating businesses from around the world to reassess the ways in which they are handling personal information. The regulations involve new levels of responsibility and accountability for any enterprise that collects, stores, or processes personal data of EU citizens—even those outside the European Union.
GDPR compliance is mandatory, and will require each and every company to demonstrate complete transparency and honesty in operational and technological dealings with personal data of EU citizens. The purposes of data collection must be stated clearly, and the consent of a user, in no uncertain terms, is necessary.
Strengthen individuals’ rights to protection of their data
Keep pace with technology and enhance protection against unwarranted use of personal data
Harmonize data protection laws inside and outside the European Union
The steps that must be taken to become (and remain) GDPR compliant include security obligations, enacting impact studies, appointing a data protection officer, and ensuring privacy by design, to name a few. Enterprises that do not meet compliance requirements by the enforcement date in May 2018 can be subject to heavy penalties.
Since its inception, Interactive FX has considered the protection of our users’ data our utmost priority.
As such, we are fully committed to complying not only with the GDPR, but with all global standards, as the reach of our user base spans the world.
The GDPR applies to any and all businesses that collect, store, and process personal data of EU citizens, including those that operate outside of EU member states.
Enterprises are expected to implement protocols to limit use of data to strictly necessary functions.
Businesses must exhibit strict control over how personal data is collected, stored, and processed, as well as take any necessary measures to reduce the risks of a data breach, as per a mandated impact study.
Enterprises that collect personal information will be required to gain the explicit consent of each user, and to explain, in no uncertain terms, why they are collecting said information and how it will be used. Additionally, they must grant the user complete control over their information.
Each enterprise must be able to respond to an individual’s request to access, correct, restrict, or even delete their personal information (the “right to be forgotten”) from a system.
Companies must appoint a data protection officer (DPO) to ensure that all measures of responsibility and accountability are (and continue to be) met according to the guidelines of the GDPR.
Any company that experiences a data breach is required to alert the Data Protection Agency (DPA) within 72 hours of the event. In certain cases of high risk, they must notify potentially affected individuals as well.
Enterprises must design data protection measures into the development of business processes, thereby mitigating privacy risks and ensuring that only necessary personal data is collected.
Systems in which personal information is collected and stored are identified, and an inventory of those systems is created.
The methods by which personal data is collected, stored, and processed are assessed, and a study is performed to evaluate the potential privacy impact of handling sensitive information.
Based on the results of the impact study, implement new procedures to limit the collection and usage of personal data, provide clear opt-out options for users, and establish controls to detect, prevent, and report data breaches.
Keep all documentation regarding the processing of data current. Manage personal information from a central location, and respond to and maintain actionable user requests regarding their personal data.
At Interactive FX, our ongoing commitment to privacy and security means that GDPR compliance is supported by our fundamental values of transparency, consistency, efficiency, and innovation. Through the continual improvement of regulations, along with our own best business practices, we assure each and every user that their personal data is as safe and secure as we can provide, and that all regulatory mandates are fully met.