GDPR Policy

EU General Data Protection Regulation (GDPR) and Adan Corporate's approach to GDPR readiness

Last updated: 24 May 2019

On 25 May 2019, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

You can count on the fact that Adan Corporate is committed to GDPR compliance across its services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts over the years.

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.

Adan Corporate has been working on ensuring that we meet the GDPR-related obligations, such as the ability for data subjects (customers, employees or 3rd parties whose personal data can be used, stored, or processed by organizations) to manage their consent preferences ("Privacy By Design") and submit Data Subject Access Requests (DSARs).

Right to Access

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format.

Right to be Forgotten (Data Erasure)

The right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.

Data Portability

GDPR introduces data portability - the right for a data subject to receive the personal data concerning them, which they have previously provided in a "commonly use and machine readable format" and have the right to transmit that data to another controller.

Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) for organizational oversight. We are making GDPR an all-hands effort across product, marketing, success, and sales. We are committed to sharing our own best practices for reviewing partners, communicating with EU citizens and sharing our flow steps for removing or coordinating the removal of data from our systems. Contact dpo@adancorporate.com.

GDPR

Frequently Asked Questions (FAQs)

With implementation of the General Data Protection Regulation (GDPR) imminent, we understand that, as a client or prospective client of Adan Corporate ("Adan"), you are likely to have some questions around what we have been doing and are doing, to prepare for GDPR. We have produced a series of frequently asked questions (FAQs) which should cover some, if not all, of those questions.

Has Adan commenced a GDPR readiness programme and, if so, what is its current status?

Data protection compliance is fundamental to our business and, as a result, Adan has taken a keen interest in GDPR since the draft text was first released as part of the EU's legislative process. Since then, we have been working diligently with our clients, contacts and our internal stakeholders to assess the potential impact of GDPR on our business and the industry more generally and to identify any changes that will need to be implemented to comply with the enhanced requirements set out in GDPR. Our GDPR readiness programme has been under way for some time now and is now in implementation phase. This means that we are working to a project plan that encompasses the major data assets across our business. It includes controls to review our processes and policies and our internal documentation for GDPR accountability standards.

Will Adan be issuing new standard terms and conditions?

To support our clients in managing their GDPR compliance, and in continued delivery of our services to our clients, we will be issuing GDPR standard contract terms that meet Article 28 processor requirements.

Is Adan's GDPR readiness programme supported by the Board?

Yes, as a business reliant on market intelligence, compliance with data protection legislation is crucial and our Board members are fully supportive and engaged with our GDPR readiness programme.

Has Adan appointed a Data Protection Officer?

We have appointed Chennakeshav Adya, as our Data Protection Officer (DPO). He is reachable at dpo@adancorporate.com for further enquiries.

When does Adan expect to be compliant with GDPR requirements?

Adan's GDPR readiness programme is well underway. We have, for some time now, been working with all business areas and stakeholders with a view to moving our business towards compliance with all GDPR requirements ahead of the 25 May 2019 deadline.

How will Adan ensure that it maintains compliance with the requirements of GDPR, on an ongoing basis, post GDPR?

We see our GDPR programme as the first phase of a long term plan. As is the case for all organisations processing personal data, the important factor is not just to be compliant on 25 May 2019, but to maintain compliance on an ongoing basis. We have robust processes and procedures in place to manage compliance with existing data protection legislation and, as part of our GDPR readiness plan, we have reviewed those processes and procedures to ensure that they are fit for purpose under the new regime.

Will Adan be able to continue to provide the same services as it does today post GDPR? What products and services from Adan will be impacted by GDPR and how?

As mentioned above, as part of our GDPR readiness programme, we are working through all products, services and data processing activities undertaken by Adan in order to identify what, if any, changes will need to be implemented prior to 25 May 2019. This project is ongoing however, as mentioned above, GDPR does not, contain anything which, at a fundamental level, would prevent Adan from continuing to promote our current services.

Enhanced requirements, data subjects' rights and consent

Has Adan implemented processes and procedures to be able to comply with the data subjects' rights provided for in GDPR?

Part of our GDPR readiness programme has involved assessing the processes and systems we already have in place to comply with rights currently available to data subjects under the Data Protection Act 1998. As part of this assessment we have also identified what, if any, changes will need to be implemented to ensure that we can, from 25 May 2019, comply with the enhanced rights set out in GDPR. As part of the transparency requirements, we will be working to ensure that individuals are aware of, and understand, when these rights apply.

What is Adan doing to ensure that it complies with the enhanced information requirements set out in GDPR?

Adan fully supports the drive towards greater transparency. Our corporate strategy seeks to put our customers at the heart of everything we do and, being open and transparent, is a crucial element of achieving this. We are working with all stakeholders within our business, industry bodies, suppliers and clients with a view to ensuring that all privacy notices and data collection notices that feed into our business will be compliant with these requirements in advance of the 25 May 2019 deadline. We have also been engaging with the Information Commissioner's Office (ICO) to ensure that the approach being taken is in line with the expectations, particularly in the critical area of credit information transparency.

Does Adan have processes in place to ensure that it can detect, investigate and report data breaches in accordance with GDPR requirements?

Yes, the security of all data (including personal data) that we hold is highly important to us. Not only do we implement data security measures to protect it but we also have processes and procedures in place to ensure that, in the event of a breach, it will be detected, investigated and managed efficiently.

Does Adan conduct Privacy Impact Assessments (PIAs)?

The core principles of PIAs can be applied to any project which involves the use of personal data, or to any other activity which could have an impact on the privacy of individuals. To date, Adan have not taken part in projects which use data in this way, should this change in the future, we will follow the ICO code of practice to ascertain whether a PIA is required.

Information security

Adan has implemented and uses technical measures and security policies that are aimed at protecting the personal data it has under its control from:
+  unauthorised access;
+  improper use or disclosure;
+  unauthorised modification;
+  unlawful destruction or accidental loss.

All Adan personnel are required to keep personal information confidential and only authorised persons have access to such information.

Business Relationships

This Website contains links to other Websites. Adan is not responsible for the privacy practices or the content of such Websites.

Complaints procedure

If you have a complaint about how we have handled your personal data, contact the DPO at dpo@adancorporate.com and we will investigate your complaint. Please contact us via email at gdpr@adancorporate.com to instruct us to cease processing your personal data.

Contacting Us

If you have any questions or comments about our GDPR policy or practices, please contact us via email at gdpr@adancorporate.com. Adan reserves the right to modify or update the GDPR policy at any time without notice.