Info Cubic complies with all GDPR requirements. Intended to help keep the data of individuals located within the European Union (EU) secure, the General Data Protection Regulation (GDPR), enacted on May 25, 2018, replaces the EU 1995 Data Protection Directive (Directive 95/46/EC). In the wake of countless data breaches, the GDPR significantly broadens the scope of data privacy in the EU and aims to strengthen the rights of EU residents when it comes to the privacy of their personal information. It establishes many new requirements on organizations (even those outside of the EU) who collect or process the personal data of EU residents and imposes harsh penalties for violations or non-compliance.
The GDPR has six (6) key principles:
- Lawfulness, Fairness and Transparency: Personal data should be processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose Limitation: Data should be collected only for legitimate purposes and used only in the manner specified when it is collected.
- Data Minimization: The data collected should be limited to only what is necessary to achieve the specified purpose.
- Accuracy: Collected data must be accurate and, when necessary, kept up-to-date.
- Storage Limitation: Data should be stored in a form which permits data subject identification only as long as necessary for its specified purpose.
- Integrity and Confidentiality: Data should be processed in a way that ensures security of that data.
For purposes of providing our services to our customers, Info Cubic is a “data processor” under the GDPR and therefore is required to meet all requirements imposed on data processors under the regulation. Info Cubic works diligently to ensure that our operating policies and practices, as well as our products and platforms, adhere to GDPR requirements, including:
- EU-U.S. Privacy Shield Self-Certification. We self-certify compliance with the EU-US Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use and transfer of personal data from the European Union member states to the United States. More information about this program may be found here: https://www.privacyshield.gov/welcome and a list of active and inactive organizations, including Info Cubic’s certification, may be found here: https://www.privacyshield.gov/list.
- Data subject rights. Info Cubic has implemented a process where Info Cubic customers and their candidates can request details for a data subject (an EU resident) and then execute a range of actions including, when necessary, deleting all records of that data subject from our systems.
- Security. While our systems already have a high standard of security, we have completed a rigorous audit of our security practices, processes and platform. We have enhanced these practices to account for new technologies and to address new threats.
- Communication. We have updated our breach notification process to ensure full compliance with the GDPR’s requirements to enable our customers (as data controllers) to notify the appropriate authorities and data subjects of any data breach in cases where notification is required by the GDPR.
- Cross-border data sharing. In addition to our existing certifications under the EU-US and Swiss-US Privacy Shield, and our commitments to comply with the EU Model Clauses, we have created a new Standard Data Processing Agreement for more direct compliance with the GDPR.