Grwo complies with current EU data protection law and will comply with GDPR. We understand that our partners, suppliers and other stakeholders all have a requirement to comply with the Regulation.
The General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations across the region approach data privacy. GDPR was adopted in April 2016 by the EU Parliament and will be effective on May 25, 2018.
Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject. Data subjects must take a positive action to give consent and have to be told what their personal data will be used for.
Personal data may only be collected for specified, explicit and legitimate purposes and must not be used for new, incompatible purposes.
Personal data must be adequate, relevant and limited to the specific purposes for which those data are processed, meaning only the data strictly necessary for the purpose shall be collected by a company.
Personal data must be accurate and, where necessary, kept up to date. Companies have to take every reasonable step to ensure that inaccurate personal data are either erased or rectified without delay.
Personal data shall not be retained for longer than is necessary for the purposes for which the personal data were collected and processed. There are specific provisions for the storage of data for historical, statistical or scientific purposes and when archiving date is in the public interest.
Personal data must be processed in a manner that ensures appropriate security of those data. Controllers are responsible for keeping the collected data secure, from both external and internal threats.