The General Data Protection Regulation (GDPR) is a new legal framework set up by the European Union in April 2016 to build upon existing data protection legislation. GDPR came into effect on 25th May 2018 and has introduced a range of fresh guidelines spelling out the rights of consumers and dictating how companies can store and share information.

As a hugely significant change to the global business landscape, it is critical that Hekas embraces all aspects of GDPR to maintain full compliance.

Our obligations for GDPR compliance

Here at Hekas, we fully appreciate and support the European Union’s focus on expanding upon digital rights. As a company, we strongly believe in the need for greater business transparency and accountability concerning the collection and handling of personal data.

That is why Hekas is a firm advocate of GDPR and its many implications. These include among many other aspects:

The Right to Object to Processing

The Right to Be Forgotten

The Right to Data Portability

The Right to Withdraw Consent

As part of our commitment to GDPR and the rights of our customers and clients, Hekas vows to ensure our organisation considers and actions all necessary changes surrounding data processing, data storage and the disposal of personal data.

This includes a commitment to fully fulfil Breach Disclosure Requirements by notifying authorities and concerned individuals of any compromise within 72 hours. Moreover, as part of our GDPR strategy, Hekas will complete impact assessments wherever possible, to identify and deliver the best service possible, as well as to extend our customers a guarantee that data is being kept secure.

Furthermore, we pledge to uphold the following key values and responsibilities:

Hekas’s strategic values and responsibilities:

We vow to demonstrate full responsibility and dutiful respect as a keeper of customer, client and employee data.

We totally support GDPR and its requirements and will do everything within our power to appropriately resource and fund any changes we must enforce to ensure Everything Can Do UK LTD can meet its obligations.

We promise to maintain ownership and transparency concerning data protection and privacy across all elements of our company.

We pledge to create and maintain a purposeful data processing inventory documenting all data operations, including collection, processing and storage.

We guarantee to extend every possible show of support to individuals intent on exercising their rights as outlined under GDPR legislation.

We will conduct a regular review to assess the legality and purpose for the collection, processing and storage of personal data.

We vow to act upon identified gaps and develop robust processes to maintain full GDPR compliance.

We promise to clearly communicate the business purpose and legal grounds for any transfer of data – including transfer outside of the European Union.

We will contact all partner organisations, contractors or other third parties to identify their own GDPR commitments, establish relevant contract terms and solidify GDPR compliance controls.