What is the GDPR?
The General Data Protection Regulation came into force on 25 May 2018. The GDPR unifies data protection throughout the EU and updates data protection regulations to keep pace with changing technologies.
New under the GDPR
More data protection rights for individuals
As well as the existing rights of an individual, an individual now has the right to be forgotten and the right to be informed about data processing that are being carried out.
Protection of personal data by Design and Default
Organisations must use technical and organisational measures which show they have implemented personal data protection methods into data processing activities.
Organisations must not only comply with the GDPR, they must be able demonstrate compliance, through documented systems, procedures and processes.
ADInstruments and the GDPR
Prior to 25 May 2018 the ADInstruments Group of Companies (“ADInstruments”) developed the GDPR roadmap setting out what needed to be done for GDPR compliance.
- A comprehensive data audit and gap analysis.
- Mapping the flows of personal data through our systems and services – this map is a living document which will be updated regularly.
- Developing and implementing an ADInstruments data protection education programme for all parts of the business. This training includes education on the principles of Privacy by Design and Default.
- Conducting Privacy Impact Assessments for major new products.
- Engaging with our third-party vendors to make sure we have the appropriate measures in place to satisfy GDPR requirements.
- Modifying our procedures to deal with new individual rights, like the right to be forgotten.
- Updating our Incident Management Process to enable GDPR compliance.
- Creating a Cookies Opt-in process for visitors to the ADInstruments.com website.
- Producing a Data Processing Addendum for our Lt Customers.
- Finally, we’re keeping records of all we’ve done, so we can demonstrate compliance with the GDPR.
I am a customer of ADInstruments. What is my relationship with ADInstruments with respect to the GDPR?
As the customer, you are the Data Controller, ADInstruments is the Data Processor.
If you are a Subscriber to ADInstruments teaching platform Lt, please email firstname.lastname@example.org to arrange execution of our Data Processing Addendum (DPA).
Which other organisations process customer data on behalf of ADInstruments?
A list of ADInstruments sub-processors, and the process for appointing sub-processors is available here.
How does ADInstruments comply with EU data export restrictions?
If personal data is hosted or processed outside of the European Economic Area by ADInstruments we make sure it remains protected by appropriate safeguards in line with EU law.
Some EU personal data is processed in New Zealand which is recognised by the EU as an 'adequate' country (i.e. safe country) to receive and process EU personal data, pursuant to European Commission Decision 2013/65/EU.
If we process EU personal data in other territories, like the United States of America or Australia, we ensure "appropriate safeguards" are in place that are prescribed by GDPR – i.e., by entering into the European Commission’s Standard Contractual Clauses with the entity the data is transferred to, or by ensuring the entity is Privacy Shield certified (for transfers to US based entities).
What security measures does ADInstruments have in place to protect data?
We employ industry appropriate security measures to protect personal data and guard against access by unauthorised persons. Information is on secure computers and encrypted wherever possible. We conduct periodic reviews of our security policies and procedures to ensure that our systems are secure and protected.
Has ADInstruments appointed a Data Protection Officer?
Yes – the In-House Lawyer is the Data Protection Officer and may be contacted at email@example.com.
Do you have a question not answered here?
Please contact us at firstname.lastname@example.org so we may help you.