Procedures under GDPR followed by MPS & BBI International Ltd (covering our BBI Brandboost and DyNNamite divisions and any other of our business operations) relating to:
- Your right of access to data
- Your right to have your data erased
- Our actions in event of a data breach
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to strengthen and unify data protection for all individuals within the European Union (EU). GDPR is part of UK legislation and will not be affected by the country leaving the EU. GDPR also addresses the export of personal data outside the EU.
GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Taking effect as from 25th May 2018, GDPR replaces data protection directive 95/46/EC of 1995
Your right of access to data
Should you wish access to personal data we hold on you then you can do so by contacting our GDPR dedicated email address gdpr@bbi.co.uk
1). Upon your request for access we will then ask the following questions:-
- Example of information you have received from our company or the client using our services so we can identify where the communication would have come from.
- Confirmation that you are happy to receive communication from us based upon your request.
Upon receiving the above information we will reply in writing (electronically) with the information we have relating to your request within 14 days via email (subject to your agreement to accept eletronic communication from us based upon your request).
2). Based upon the information you provide, we will:
- Record when the request was made and who made the request.
- We will then search through our systems and identify any data we have on you copying said information into a single word file document which will be emailed to you as the individual making the request.
Your right to have your data erased
Should you wish for information we hold on you to be erased from our systems then this request must be made in writing to either
Our GDPR dedicated email address gdpr@bbi.co.uk
Or via the post:
GDPR Officer
MPS & BBI International Ltd
Peerland House
207 Desborough Road
High Wycombe
Bucks
HP11 2QL
If an individual calls the office they will be asked to put the request in writing by one of the above two methods.
If you have already made the request for right of access and have received the information and following that request and you make a request for erasure; a note will be placed on our records confirming the request and said information will be deleted(*) from the identified areas.
If You have not made the request for right of access prior to making a request for erasure then we will go through the process of right of access to clearly identify said data and delete(*) it from our systems informing you of the actions taken and recording this on our records
(*) If any such information relates to business dealings which under UK Law need to be retained for 7 years BBI Brandboost will not erase the information and will inform the individual making the request accordingly.
Our actions in the event of a data breach
The ICO (Information Commissioner’s Office) states that under the GDPR there is a requirement for organisations to report a personal data breach that affects people’s rights and freedoms, without undue delay and, where feasible, not later than 72 hours after having become aware of it.
If it is unlikely that there is a risk to people’s rights and freedoms from the breach, the ICO states that there is no requirement to report it to them. The threshold to determine whether an incident needs to be reported to the ICO depends on the risk it poses to people involved.
Should we be alerted to a data breach of any kind from our business operations we would treat it as a serious issue and take immediate steps to:
- Investigate the claim
- Discover exactly what data had been breached
- Establish how the data breach had occurred
- Assess the category of risk the breach poses in terms of GDPR criteria
- Find out any fault or culpability that caused the breach to occur
- Work out the processes required for recovery of the data
- Review and initiate procedures to avoid such a data breach occurring again
The data that MPS & BBI Ltd habitually deals with does not come into the category of affecting people’s rights and freedoms. However, we would continually monitor data that we possess and assess any potential risks that it may constitute in this respect.
Subject to a data breach occurring, we would assess whether it came within the category of “affecting people’s rights and freedoms” and if we believed that it did, or might do so, would report it to the ICO as required by GDPR.
If you require further information or clarification on the above issues, please contact us at our GDPR dedicated email address gdpr@bbi.co.uk