At Xoxoday, we ensure that data is gathered, stored and handled with respect for individual rights. We have raised awareness among our employees and other stakeholders of how to handle data appropriately. They now understand the importance of GDPR and information security. Our controls are placed based on the data protection impact assessment (DPIA) conducted.
GDPR (General Data Protection Regulation) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). It sets out the principles for data management and the rights of the individual. GDPR was adopted on 14 April 2016 and became enforceable on 25 May 2018.
Personal data is subject to data secrecy. Our Data Protection Officer is responsible for maintaining confidentiality and data security, and has secured suitable organizational and technical measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction.
When personal data is processed, the individual rights of the data subjects are protected. Personal data is collected and processed in a legal and fair manner.
Personal data is processed only for the purpose that was defined before the data was collected. Our Data Protection Officer is responsible for restricting the processing of the data.
When the data is collected, the data subject will be made aware of, or informed by us.
As part of the Xoxoday operations, information is obtained from the Controllers and processed. This information shall include any offline or online data that makes a person identifiable. Xoxoday collects this information in a transparent way and only with the full cooperation and knowledge of interested parties. Once this information is available, the following rules shall apply.
We exercise data protection by:
Xoxoday has established a Data Management System and an Information Security Management System to ensure that data is managed in a safe and secure manner during the conduct of business, in delivering business value to the interested parties. Xoxoday is committed to protecting data and personally identifiable information through an organized process, preventing any breaches that may be caused by intrusion, and enforcing effective access controls for applicable information assets. The company has chosen to adopt the Access Control principles established in ISO 27001:2013 as the official policy for the access control domain.
At Xoxoday we have a data breach response team. It is a multi-disciplinary team comprising knowledgeable and skilled individuals from the IT Department, IT Security and Legal. The team ensures readiness for a personal data breach response, along with the needed resources and preparation (such as call lists, substitution of key roles, and required review of company policies, procedures and practices). The Data Breach Response Team is prepared to respond to a suspected/alleged or actual personal data breach 24/7, year-round. The Data Breach Response Process will be initiated when anyone notices that a suspected/alleged or actual personal data breach has occurred. The Data Protection Officer shall be notified of the data breach immediately.
We adopt appropriate cryptographic methodology to mask data at rest and in transit, to protect the confidentiality, integrity, availability and privacy of information. Data at rest: AES 256-bit encryption. Data in transit: TLS 1.2.
Privacy by design has always been an implicit requirement of GDPR principles. When developing new systems, we have conducted a Data Protection Impact Assessment (DPIA), and our controls are placed based on the results of the DPIA. By default, our processing activities are performed with data security and, more generally, compliance with the GDPR in mind. Personal data necessary for a specific purpose of processing is made accessible only with the consent of the data subjects.
Data Protection Commission - https://www.dataprotection.ie/en
GDPR (Wikipedia) - https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
EU GDPR.org - https://eugdpr.org/
GDPR Fundamental rights - https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights_en
Note: Xoxoday does not endorse these links and is not responsible for the content of these pages.