WE ARE PREPARED FOR THE GDPR
At SSA Group, we worked hard to prepare for GDPR and ensure that we fulfil its obligations and maintain our transparency about personal data for our clients and how we use data. This was a massive improvement of our processes and data models to make sure we meet the GDPR obligations. The range of steps we have undertaken to be ready for GDPR include:
- A thorough examination and improvement of our internal and external data processing activities;
- An in-depth analysis of data security across our company;
- Implementation of the updates to our training, policies, and procedures.
We are committed to undertaking the following actions when processing the personal data for our customers:
- We implement technical and organizational measures to ensure a security level is appropriate to the risks associated with data processing, which include: security of gateways, servers, internal and external access to our networks and systems, password and access control polices;
- We only handle personal data which belong to our clients or are under their control, with their consent and in accordance with the agreement we have with our clients, a written instruction, or any other document required by the law;
- Our experienced Data Protection Officer holds full accountability for making sure all the internal and external data exchange processes within the company are fully compliant with GDPR;
- We make sure that only authorized employees subjected to confidential obligations have access to the personal data of our customers;
- We will not intentionally do anything to place your personal data in breach of the GDPR and will inform you immediately after becoming aware of any actual or suspected breach that might compromise your data;
- We will only engage GDPR-compliant sub-processors to assist in the performance of the services we deliver to you with your consent.
The above list is not limited by the aforementioned points and SSA Group is committed to meeting all of the obligations as a processor of personal data controlled by our clients or their end clients under the GDPR.