E-power Generators is not a data-driven company in the sense as stipulated by the GDPR Directive from May 2016.
However, e-power keeps records of personal data in the sense as stipulated in the above Directive.
These data will only be used in the light of precontractual and contractual relations as there are:
- offers based on requests from your company
- information about the use of generators
- information about (potential) cooperation between our companies
- sharing wishes at the occasion of official celebrations.
These data are managed by us as “Bonus Pater Familias” and are accessible upon a simple request by you as a person. You can also ask for modification or adjustment of these data.
Besides you have the right to request us not to keep records any longer of your data. Of course, processing of these data will be terminated accordingly.
In case you prefer that we stop using and processing your personal data, just send us an email to firstname.lastname@example.org with that simple request.
We thank you for your cooperation, your input and your understanding and remain,
Europower Generators bv
1. How can we minimise risks and protect e-power’s reputation?
Taking the following measures can help us to ensure our compliance to the new data protection legislation.
Define Personal Client Data — Document what types of personal data e-power processes, where it came from, and who we share it with to improve documentation.
Manage Data Streams and Processes — We will develop a roadmap to determine our sources for data input, data processing tools, techniques, and methodologies that we use, and how the data we hold are shared with other businesses.
Ensure Swift Response to Withdrawal Requests — We will respond to the customers’ requests of consent withdrawal in an efficient manner and update the system to flag that the user has withdrawn consent to prevent further direct marketing.
2. How can e-power protect personal data?
The new data protection regulations apply to data that allow direct or indirect identification of an individual by anyone. As a result, cookie IDs, online identifiers, device identifiers, and IP addresses are categorized as personal data under the GDPR.
To ensure the security and confidentially of the new defined categories of personal data, e-power can use the following measures:
Adopt a Protection by Design Approach — There are certain ‘protection by design’ techniques that e-power can use to protect the personal data of our customers. These include:
- Pseudonymization — Pseudonymization (such as encryption, tokenization, hashing) is a technique that involves categorization of the personal data of customers into two types in such a manner that one type can no longer be attributed to an individual unless accompanied by the second type of information which is kept separately and is subject to various data protection measures.
- Data Minimization — As the name implies, data minimization is about ensuring that only the data that are necessary for a specific purpose are processed, used, or stored.
3. How can e-power implement technical infrastructure that will ensure optimal governance of our client data?
GDPR not only requires e-power to implement a well-built and fool proof infrastructure to collect, store, and process data, but also directs us to continuously review and update the infrastructure. We will do so by ensuring our compliance to these new legislations.
Align Data & Analytics Strategy with Policies — e-power should focus on developing a data and analytics infrastructure that’s controlled, portable, and compliant.
To ensure this, data collection should be purpose driven, i.e. only data that is required to fulfil a specific requirement or purpose should be collected and processed.
Our customers and potential customers have the right to object to data collection and processing for direct marketing. Data collected with the consent of clients should be kept in self-controlled storage and processed according to all applicable data protection regulations.
4. How can e-power uphold these new regulations and define client data collection and storage?
To enhance the compliance of our client data collection and storage processes, e-power should study how to inform our personnel about the obligations pursuant to the regulation, about monitoring the implementation and application of adequate data protection policies and ensuring optimal training of staff involved in data collection and processing operations.
5. How can e-power handle different types of data streams?
E-power can define privacy levels, manage user rights, get an insight into how our info is being collected or used.
Many of the GDPR’s principles are much the same as the current data protection regulations. Therefore, if e-power is operating in compliance to the current law, we can use our current approach to data protection as a starting point to build a new, more robust and secure GDPR-compliant data protection infrastructure.