The General Data Protection Regulation (GDPR) is an act applicable from May 25th 2018 across the globe to all organisations that collect, store, manage and process the personal data of European citizens. This regulation gives European citizens more control over their personal data, which includes any information that reveals their identity.
According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."
The GDPR aims to completely revolutionise the way organisations handle their users' personal data. Once the law has come into effect, it is mandatory for all organisations to process data transparently, legally and for a specific and genuine purpose. A breach of the new rules under the GDPR can lead to a penalty of €20 million (approximately $23.5 million USD) or 4% of your global annual turnover, whichever is greater.
Plumm complies with the GDPR guidelines. Some of them are the following:
Only collecting the data that is necessary for business operations.
Any data that is no longer required should be deleted and need not be kept longer than required.
Appointing a person in charge of data protection.
Accessing and processing the data for which consent has been given by the user.
Processing the data in accordance with the law.
A request for consent should be clear and visible to the user, such as an “opt in” tick box or button.
The user should be allowed to withdraw his/her consent at any time by simply opting out.
Not only users but also employees should have complete control over their information being shared with the organisation.
If and when requested by the user, the organisation must provide a copy of the relevant personal data being processed within 1 month of the request and free of cost.
Ensuring that third parties (if involved) comply with the GDPR when data is shared with them for a necessary reason.
Healingclouds assures you that we are compliant with all guidelines of the GDPR. Our video sessions and chats are secure and fully encrypted. We have appointed an officer who manages data protection. We also use Virgil and SSL security to further ensure that the details are secured between you and your therapist, on the condition that the therapist must protect the confidentiality and records of sessions.
You can also reach out to our Data Protection Officer Nabil Ismail at firstname.lastname@example.org for more details.