- Background to statement
On the 25th May 2018, the EU General Data Protection Regulation (GDPR) came into force, replacing the existing 1995 EU Data Protection Directive (European Directive 95/46/EC). The GDPR brings with it the most significant changes to data protection law in the EU in two decades. Importantly, the GDPR is intended to have extraterritorial application and may be applicable to Australian businesses.
Australian businesses must comply with the GDPR where they process (meaning collect, use and disclose) personal data of individuals and either have an office in the EU, or have processing activities which are related to offering goods and services to, or monitoring the behaviour of, an individual in the EU.
- Benchmark 365’s Commitment
I Know IT Pty Ltd (ACN 33 110 231 528) (‘Benchmark 365’ or ‘we’ or ‘us’ or ‘our’) is a managed service provider providing IP support, project services, software solutions and sales and marketing support. It is likely that we are not legally compelled to be compliant with the GDPR, but we are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.
We are dedicated to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new GDPR as well as the existing data protection laws that we must comply with – the Privacy Act and the Australian Privacy Principles.
Our preparation and objectives involve implementing procedures consistent with the GDPR. They have been summarised in this statement and include the development and implementation of data protection roles, policies, procedures, controls and measures.
- Benchmark 365’s steps towards compliance with GDPR
In addition to, and in most cases consistent with, our pre-existing compliance with Australian data protection laws and regulations, we have implemented, and endeavor to continually implement and enforce, programs on:
- Information Audits
- Updating Policies & Procedures
- Data Protection generally
- Data Retention & Erasure & de-identification
- Data Breaches
- International Data Transfers & Third-Party Disclosures
- Subject Access Requests (SAR)
- Direct Marketing
- How and when we do Data Protection Impact Assessments (DPIA)
- What Processor Agreements we have in place and their terms
- How we deal with Special Categories Data
- Data Subject Rights
In addition to the policies and procedures mentioned above, we understand your right to access any personal information that Benchmark 365 processes about you and to request information about: –
- The personal data we hold;
- How we sourced that personal data;
- Why we need that personal data;
- What we use the personal data for;
- All recipients to whom the personal data may/has been/will be disclosed;
- How we store your personal data.
Benchmark 365 will also honour (even if not legally compelled to do so), at all times, the following rights that all individuals have been granted under the GDPR:
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this. This is already a right under the Privacy Act in Australia.
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances.
- Information Security & Technical and Organisational Measures
Benchmark 365 takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process.
We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including: –
- Two factor authentication on all external services
- Server and workstation Encryption
- Record Segregation with Targeted Security Model
- Data Loss Prevention via Inspection of all Data Motion
- Continuous Staff Security Training
- Fake Phishing Campaigns to Test Employee Awareness
- Track and Report Employee Actions
- Routine Record Scrubbing to Remove Personalised Information
- GDPR Roles and Employees
Benchmark 365 have designated Adam Tyler as our Privacy and Data Protection Officer.
We understand that continuous employee awareness and understanding is vital to the continued compliance with privacy laws.
If you have any questions please contact the Privacy and Data Protection Officer.