The General Data Protection Regulation (GDPR) is a European privacy law that was first adopted in 2016, and now becomes enforceable on 25 May 2018. The GDPR aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for business by unifying the regulation within the EU.
The GDPR applies to ALL organizations established in the EU and to organizations, whether or not established in the EU, that process the personal data of EU data subjects (a living individual to whom personal data relates) in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.
Obtain Explicit Permission
Registered Communication offers various services that enable you to become GDPR compliant. The act requires that explicit permission is obtained from your customers in order for you to use their personal data in any way. This permission needs to be obtained in a way that leaves no room for misinterpretation.
The consent received also needs to be verifiable i.e. you need to be able to provide immutable evidence that you obtained consent from the correct person (data subject).
The explicit and verifiable nature of the required communication history is in line with the (South African) requirements of POPIA, RDR and TCF (and therefore also the new Insurance Act expected to commence on 1 July 2018).
Our Registered Email and Registered SMS channels provide efficient and cost-effective options to obtain the required consent and prove the full chain of custody of the customer communications, thereby confirming who wrote the message, and exactly what was agreed to.
Registered Communication’s Compliance
Registered Communication does not have any physical existence in the EU, but we have partners, customers and electronic communication channels located in the EU. We therefore need to comply with this legislation in order for us to continue offering our products and services.
Therefore, we’ve addressed the GDPR requirements that would apply to us as processors of personal data by implementing specific legal, technical and organizational measures aimed to address data privacy and security concerns.
For detailed information on our GDPR Complaint services, the data subject information that we store as part of our processes, how we use the personal information entrusted to us, and how we allow users to delete their personal information, please contact us.