GDPR at 1A First Alternative

On 25 May 2018 the new European privacy regulation GDPR came into effect. Of course we have also been working hard internally to ensure full compliance with GDPR at 1A First Alternative.

We started with a complete inventory of all servers and all data thereon. Then we noted the necessary improvements for all issues. This was a lot of tedious work, but the result is satisfactory. We now have complete insight into what is stored and where, and what needs to be done in order to achieve compliance. In addition, it also provided additional security insights that are not related to the GDPR, but are important for our business operations.

We already had a procedure for data leaks. This has been mandatory since January 1, 2016. We have reviewed it again to assess whether it still meets the requirements. We also appointed a data protection officer.

Subsequently, on 23 May 2018 we updated our privacy statement. It already stated what we use data for. Now this has been extended with how long we store this data. The newsletters we send you always contain links at the bottom with which you can adjust your subscriptions. You can also completely unsubscribe yourself.

Safety of our and your data is our top priority. To substantiate this priority, we also started working on becoming ISO 27001 compliant. Many points of the GDPR are also reflected in this standard.

Safety of our and your data: ISO 27001

ISO 27001 is a standard for information security that describes how this could be arranged in a process-based manner. This international standard contains requirements for a documented system for managing information security (ISMS). This in the context of the general business risks for the organization. The ISMS is designed to ensure the selection of appropriate and proportionate security measures that protect the information and provide trust.

Definition and control are very important for the continuous guarantee of compliance. For both existing and new business processes.

Your privacy rights are important to us

The GDPR provides for a number of privacy rights, namely the right of:

access;
correction and erasure;
data portability.

Where possible, these are made available in our systems (such as My1A). This way, you have as much control as possible over your own data. Of course you can contact us at any time in regards to these rights.

More information about the content of these rights can be found on Wikipedia.