What Clients Should Do:
ADVISA will continue to focus on bringing you the best service, support, and consulting possible throughout ongoing changes with data privacy.
As a result of the General Data Protection Regulation (GDPR) taking effect, ADVISA has lost the ability to view your PI database.
Enabling ADVISA (a third party) to access your PI data allows us to continue to consult, problem-solve, and help you troubleshoot the software as we always have.
We recommend you take the following steps:
1) Log in to your account here.
2) Select the Admin feature (gear icon) in the upper right-hand corner.
3) Choose “Third Party External Users” on the left.
4) Select ‘enable’ next to your PI Certified Partner’s name – Select All
If you have questions, please reach out to Leslie Phillips or Matt Roberts at 317-574-1550. We are here to help make this as smooth and easy as possible, and to keep your company’s data safe.
The European Commission has provided a list of new obligations that companies will face under the GDPR. While not exhaustive, and geared primarily towards smaller companies, this list provides an effective starting point for thinking about your GDPR obligations:
Protect the right of people giving you their data
- Communication: Tell data subjects in plain language who you are when you request the data, why you are processing their data, how long it will be stored, and who receives it.
- Consent: Get their clear consent to process the data.
- Access and Portability: Let people access their data and give it to another company.
- Warnings: Inform people of data breaches if there is a serious risk to them.
- Erase Data: Give people the ‘right to be forgotten.’ Erase their personal data if they ask, but only if it doesn’t compromise freedom of expression or the ability to research.
- Profiling: If you use profiling to process applications for legally-binding agreements like loans, there are specific responsibilities in the GDPR that you should become familiar with.
- Marketing: Give people the right to opt out of direct marketing that uses their data.
- Safeguarding sensitive data: Use extra safeguards for information on health, race, sexual orientation, religion and political beliefs.
- Data Transfers outside of the EU: Make legal arrangements when you transfer data to countries that have not been approved by the EU authorities.
Do data protection by design
Build data protection safeguards into your products and services from the earliest stages of development.
Check if you need a data protection officer
This is not always obligatory. It depends on the type and amount of data you collect, whether processing is your main business and if you do it on a large scale.
Review GDPR-specific record keeping requirements.
Anticipate with impact assessments
Impact assessments may be required for HIGH-RISK processing.
A Few Areas PI Clients May Wish to Consider:
- Information and Consent: Are you providing adequate information about use of personal data and obtaining proper consent from your assessment-takers (“data subjects”)?
- Data Retention: Have you considered how long you may keep data?
- Data Subject Requests: Do you have a process in place to address requests from data subjects?
Please contact us if you have further questions, comments or suggestions. If you wish to contact PI’s Privacy Team directly, they can be reached at firstname.lastname@example.org